Rapid7 Vulnerability & Exploit Database

MS15-030: Vulnerability in Remote Desktop Protocol Could Allow Denial of Service (3039976)

Back to Search

MS15-030: Vulnerability in Remote Desktop Protocol Could Allow Denial of Service (3039976)

Severity
8
CVSS
(AV:N/AC:L/Au:N/C:N/I:N/A:C)
Published
03/10/2015
Created
07/25/2018
Added
03/10/2015
Modified
09/09/2016

Description

A denial of service vulnerability exists in Remote Desktop Protocol (RDP) when an attacker creates multiple RDP sessions that fail to properly free objects in memory. Note that the denial of service would not allow an attacker to execute code or to elevate their user rights. However, it could prevent legitimate users from logging on through remote desktop. An unauthenticated attacker could use this vulnerability to exhaust the system memory by creating multiple RDP sessions. An attacker who successfully exploited the vulnerability could cause the target system to stop responding. The update addresses the vulnerability by correcting how RDP manages objects in memory.

Solution(s)

  • WINDOWS-HOTFIX-MS15-030-01f44232-4a5e-4bc0-9e36-826567d88a74
  • WINDOWS-HOTFIX-MS15-030-07c9acac-096f-48b7-a3af-964c70741a49
  • WINDOWS-HOTFIX-MS15-030-29c9568e-e830-4c2a-aba5-5f5a57e0fbf2
  • WINDOWS-HOTFIX-MS15-030-42656226-0a84-48c4-97e1-9c55aed4a8bd
  • WINDOWS-HOTFIX-MS15-030-4a3cd85c-637d-4f9f-b74f-d15607e4e277
  • WINDOWS-HOTFIX-MS15-030-6f61c744-d545-425e-b1df-433d0c3e8b7b
  • WINDOWS-HOTFIX-MS15-030-7b24e05a-41f3-49e2-b2ab-de6ee7f9533d
  • WINDOWS-HOTFIX-MS15-030-86c6e8ee-c20d-4b51-aa3d-940644131ee0
  • WINDOWS-HOTFIX-MS15-030-8f21abe6-d802-4023-91a1-7c4b50f5b54a
  • WINDOWS-HOTFIX-MS15-030-97d2b78f-0ca2-4b6a-8f55-3fe657f4caaa
  • WINDOWS-HOTFIX-MS15-030-c00a51ba-6501-4c74-96b6-f266ec3a5722
  • WINDOWS-HOTFIX-MS15-030-c4a25a8b-718c-4d5d-988a-c0831dd92f14
  • WINDOWS-HOTFIX-MS15-030-d70b3e3d-04f7-40b5-96f9-e63ef485b361
  • WINDOWS-HOTFIX-MS15-030-eb29a3ff-dccb-4e4c-ae4d-35ecc7e77148

References

  • WINDOWS-HOTFIX-MS15-030-01f44232-4a5e-4bc0-9e36-826567d88a74
  • WINDOWS-HOTFIX-MS15-030-07c9acac-096f-48b7-a3af-964c70741a49
  • WINDOWS-HOTFIX-MS15-030-29c9568e-e830-4c2a-aba5-5f5a57e0fbf2
  • WINDOWS-HOTFIX-MS15-030-42656226-0a84-48c4-97e1-9c55aed4a8bd
  • WINDOWS-HOTFIX-MS15-030-4a3cd85c-637d-4f9f-b74f-d15607e4e277
  • WINDOWS-HOTFIX-MS15-030-6f61c744-d545-425e-b1df-433d0c3e8b7b
  • WINDOWS-HOTFIX-MS15-030-7b24e05a-41f3-49e2-b2ab-de6ee7f9533d
  • WINDOWS-HOTFIX-MS15-030-86c6e8ee-c20d-4b51-aa3d-940644131ee0
  • WINDOWS-HOTFIX-MS15-030-8f21abe6-d802-4023-91a1-7c4b50f5b54a
  • WINDOWS-HOTFIX-MS15-030-97d2b78f-0ca2-4b6a-8f55-3fe657f4caaa
  • WINDOWS-HOTFIX-MS15-030-c00a51ba-6501-4c74-96b6-f266ec3a5722
  • WINDOWS-HOTFIX-MS15-030-c4a25a8b-718c-4d5d-988a-c0831dd92f14
  • WINDOWS-HOTFIX-MS15-030-d70b3e3d-04f7-40b5-96f9-e63ef485b361
  • WINDOWS-HOTFIX-MS15-030-eb29a3ff-dccb-4e4c-ae4d-35ecc7e77148

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;