| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Windows Remote Desktop Services Remote Code Execution Vulnerability |
| Windows Remote Desktop Services Remote Code Execution Vulnerability |
| Windows Remote Desktop Services Denial of Service Vulnerability |
| Windows Remote Desktop Services Denial of Service Vulnerability |
| Remote Desktop Protocol Server Remote Code Execution Vulnerability |
| Microsoft is aware of a security feature bypass vulnerability in Windows publicly referred to as "YellowKey". The proof of concept for this vulnerability has been made public violating coordinated vulnerability best practices.
We are issuing this CVE to provide mitigation guidance that can be implemented to protect against this vulnerability until the security update is made available.
Mitigation FAQs
Should I leverage the temporary mitigation?
Microsoft recommends that you consider implementing these mitigations if you are concerned your devices and data are at risk of being compromised or stolen. For example, if your organization’s employees take their work devices home or on business travel.
What impact to service availability/management could be caused by implementing the mitigations?
Implementing these mitigations will not impact service availability or management operations.
Do customers need to revert the changes made to mitigate the vulnerability once the security update to protect against this vulnerability is available?
No. The security update will maintain the mitigation's behavior once the security update is installed.
I am using TPM+PIN, am I at risk of this vulnerability being exploited
No, if you are using TPM+PIN the vulnerability is not exploitable. |
| Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability |
| Double free in Windows Rich Text Edit allows an authorized attacker to elevate privileges locally. |
| Untrusted search path in Windows Storage allows an authorized attacker to elevate privileges locally. |
| Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally. |
| Improper link resolution before file access ('link following') in Windows Collaborative Translation Framework allows an authorized attacker to elevate privileges locally. |
| Protection mechanism failure in Windows Mark of the Web (MOTW) allows an unauthorized attacker to bypass a security feature over a network. |
| Heap-based buffer overflow in Windows NTFS allows an unauthorized attacker to execute code locally. |
| Access of resource using incompatible type ('type confusion') in Windows Kernel-Mode Drivers allows an authorized attacker to elevate privileges locally. |
| Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally. |
| Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network. |
| Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally. |
| Integer underflow (wrap or wraparound) in Windows Performance Monitor allows an unauthorized attacker to execute code over a network. |
| Use of uninitialized resource in Windows Push Notifications allows an authorized attacker to disclose information locally. |
| Out-of-bounds read in Windows Telephony Service allows an authorized attacker to disclose information locally. |
