<< Back
CVE Number Vulnerability Product Severity Date
MS15-067 Vulnerability in RDP Could Allow Remote Code Execution (3073094) Windows 7 Critical 15-07-2015

Technical Information

Brief overview of the risk:
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if an attacker sends a specially crafted sequence of packets to a targeted system with the Remote Desktop Protocol (RDP) server service enabled.

Detailed Information on the risk:

A remote code execution vulnerability exists in how the Remote Desktop Protocol (RDP) (terminal) service handles packets. While the most likely outcome of this vulnerability is denial of the remote desktop (terminal) service (DOS), remote code execution is possible.
To exploit the vulnerability, an attacker could send a specially crafted sequence of packets to a system running the RDP server service. An attacker who successfully exploited this vulnerability could take complete control of an affected system.


Further information on this exploit is available at : MS15-067

Windows 7 for 32-bit Systems Service Pack 1 
Windows 7 for 32-bit Systems Service Pack 1 
Windows 7 for x64-based Systems Service Pack 1 
Windows 7 for x64-based Systems Service Pack 1 
Windows 8 for 32-bit Systems 
Windows 8 for x64-based Systems 
Windows Server 2012 
Windows Server 2012 (Server Core installation)

Affected Software

Windows 7 for 32-bit Systems Service Pack 1 
Windows 7 for 32-bit Systems Service Pack 1 
Windows 7 for x64-based Systems Service Pack 1 
Windows 7 for x64-based Systems Service Pack 1 
Windows 8 for 32-bit Systems 
Windows 8 for x64-based Systems 
Windows Server 2012 
Windows Server 2012 (Server Core installation)