Security 10748 Published by

Microsoft updated the following security bulletin:

MS11-017 - Important: Vulnerability in Remote Desktop Client Could Allow Remote Code Execution (2508062) - Version:1.4



MS11-017 - Important: Vulnerability in Remote Desktop Client Could Allow Remote Code Execution (2508062) - Version:1.4
Severity Rating: Important - Revision Note: V1.4 (April 15, 2011): Corrected the bulletin replacement information for Remote Desktop Connection 6.0 Client on supported editions of Windows Server 2003 and Remote Desktop Connection 6.1 Client on supported editions of Windows Server 2008. This is a bulletin change only. There were no changes to the detection or security update files.

Summary: This security update resolves a publicly disclosed vulnerability in Windows Remote Desktop Client. The vulnerability could allow remote code execution if a user opens a legitimate Remote Desktop configuration (.rdp) file located in the same network folder as a specially crafted library file. For an attack to be successful, a user must visit an untrusted remote file system location or WebDAV share and open a document from this location that is then loaded by a vulnerable application.
Read more