SID 1-59107

Report a false positive

Rule Category

OS-WINDOWS -- Snort has detected traffic targeting vulnerabilities in a Windows-based operating system. This does not include browser traffic or other software on the OS, but attacks against the OS itself. (such as?)

Alert Message

OS-WINDOWS Microsoft Windows RDP path redirection remote code execution attempt

Rule Explanation

This rule blocks attempts to exploit a remote code execution vulnerability in Microsoft Windows RDP Client.

What To Look For

This rule blocks attempts to exploit a remote code execution vulnerability in Microsoft Windows RDP Client.

Known Usage

No public information

False Positives

No known false positives

Contributors

Cisco Talos Intelligence Group

Rule Groups

No rule groups

CVE

CVE-2022-21990

Additional Links

portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2022-21990

Rule Vulnerability

N/A

Not Applicable

CVE Additional Information

CVE-2022-21990
Remote Desktop Client Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-23285.
Details
Severity Base Score8.8
Impact Score5.9 Exploit Score2.8
Confidentiality ImpactHIGH Integrity ImpactHIGH
Availability ImpactHIGH Attack VectorNETWORK
ScopeUNCHANGED User InteractionREQUIRED
Authentication Ease of AccessLOW
Privileges RequiredNONE

Affected Systems

MITRE ATT&CK Framework

Tactic: Execution

Technique: User Execution

For reference, see the MITRE ATT&CK vulnerability types here: https://attack.mitre.org