Technical Information

Brief overview of the risk:
The vulnerability could allow denial of service if an attacker creates multiple Remote Desktop Protocol (RDP) sessions that fail to properly free objects in memory. By default, RDP is not enabled on any Windows operating system. Systems that do not have RDP enabled are not at risk.

Detailed Information on the risk:

A denial of service vulnerability exists in Remote Desktop Protocol (RDP) when an attacker creates multiple RDP sessions that fail to properly free objects in memory. Note that the denial of service would not allow an attacker to execute code or to elevate their user rights. However, it could prevent legitimate users from logging on through remote desktop. An unauthenticated attacker could use this vulnerability to exhaust the system memory by creating multiple RDP sessions. An attacker who successfully exploited the vulnerability could cause the target system to stop responding. The update addresses the vulnerability by correcting how RDP manages objects in memory.

Further information on this exploit is available at : MS15-030

Windows 7 for 32-bit Systems Service Pack 1 
Windows 7 for x64-based Systems Service Pack 1 
Windows 8 for 32-bit Systems 
Windows 8 for x64-based Systems 
Windows 8.1 for 32-bit Systems 
Windows 8.1 for x64-based Systems 
Windows Server 2012 and Windows Server 2012 R2
Windows Server 2012 R2 
Windows Server 2012 (Server Core installation) 
Windows Server 2012 R2 (Server Core installation)