It's not obvious from the advisory, but the same code runs in RDP client. The issues have been patched in both. This would have allowed a malicious server to compromise a client without any alerting behavior, or a MitM attack with a warning confirmation.
-
Can you share info on why 2 of the RCEs aren't considered wormable? Are they local network or require user interaction?
-
Are you referring to CVE-2019-1222 and -1226? If so, then they're hypothetically still wormable. However, the team successfully weaponized 1181/1182, so Simon and MSRC chose to highlight those as especially risky.