Vulnerabilities > CVE-2014-0296 - Cryptographic Issues vulnerability in Microsoft products

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
microsoft
CWE-310
nessus
NVD
Published: 2014-06-11
Updated: 2024-11-21

Summary

The Remote Desktop Protocol (RDP) implementation in Microsoft Windows 7 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 does not properly encrypt sessions, which makes it easier for man-in-the-middle attackers to obtain sensitive information by sniffing the network or modify session content by sending crafted RDP packets, aka "RDP MAC Vulnerability."

Vulnerable Configurations

Part Description Count
OS
Microsoft
5

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Signature Spoofing by Key Recreation
    An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.

Msbulletin

bulletin_idMS14-030
bulletin_url
date2014-06-10T00:00:00
impactTampering
knowledgebase_id2969259
knowledgebase_url
severityImportant
titleVulnerability in Remote Desktop Could Allow Tampering

Nessus

NASL familyWindows : Microsoft Bulletins
NASL idSMB_NT_MS14-030.NASL
descriptionThe remote Windows host is affected by a tampering vulnerability due to an encryption weakness in the Remote Desktop Protocol (RDP). An attacker could exploit this vulnerability to modify the traffic content of an active RDP session.
last seen2020-06-01
modified2020-06-02
plugin id74422
published2014-06-11
reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
sourcehttps://www.tenable.com/plugins/nessus/74422
titleMS14-030: Vulnerability in Remote Desktop Could Allow Tampering (2969259)
code
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(74422);
  script_version("1.8");
  script_cvs_date("Date: 2019/11/26");

  script_cve_id("CVE-2014-0296");
  script_bugtraq_id(67865);
  script_xref(name:"MSFT", value:"MS14-030");
  script_xref(name:"MSKB", value:"2966034");
  script_xref(name:"MSKB", value:"2965788");

  script_name(english:"MS14-030: Vulnerability in Remote Desktop Could Allow Tampering (2969259)");
  script_summary(english:"Checks version of rdpcorets.dll.");

  script_set_attribute(attribute:"synopsis", value:
"The remote Windows host is affected by a tampering vulnerability.");
  script_set_attribute(attribute:"description", value:
"The remote Windows host is affected by a tampering vulnerability due
to an encryption weakness in the Remote Desktop Protocol (RDP). An
attacker could exploit this vulnerability to modify the traffic
content of an active RDP session.");
  script_set_attribute(attribute:"see_also", value:"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2014/ms14-030");
  script_set_attribute(attribute:"solution", value:
"Microsoft has released a set of patches for Windows 7, 8, 2012, 8.1,
and 2012 R2.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2014-0296");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2014/06/10");
  script_set_attribute(attribute:"patch_publication_date", value:"2014/06/10");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/11");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows : Microsoft Bulletins");

  script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("smb_hotfixes.nasl", "ms_bulletin_checks_possible.nasl");
  script_require_keys("SMB/MS_Bulletin_Checks/Possible");
  script_require_ports(139, 445, "Host/patch_management_checks");

  exit(0);
}

include("audit.inc");
include("smb_hotfixes_fcheck.inc");
include("smb_hotfixes.inc");
include("smb_func.inc");
include("misc_func.inc");

get_kb_item_or_exit("SMB/MS_Bulletin_Checks/Possible");

bulletin = 'MS14-030';
kb = '2965788';

kbs = make_list(
  2966034,  # Windows 8.1/2012 R2 w/o 2919355
  2965788   # Everything else.
);

if (get_kb_item("Host/patch_management_checks")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_WARNING);

get_kb_item_or_exit("SMB/Registry/Enumerated");
get_kb_item_or_exit("SMB/WindowsVersion", exit_code:1);

if (hotfix_check_sp_range(win7:'1', win8:'0', win81:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);

# Server 2008 is not affected.
product_name = get_kb_item_or_exit("SMB/ProductName", exit_code:1);
if ("Server 2008" >< product_name) audit(AUDIT_INST_VER_NOT_VULN, product_name);

share = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);
if (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);

if (
  # 8.1 / 2012 R2
  hotfix_is_vulnerable(os:"6.3", sp:0, file:"rdpcorets.dll", version:"6.3.9600.17116", min_version:"6.3.9600.17000", dir:"\system32", bulletin:bulletin, kb:kb) ||
  # Windows 8.1/2012 R2 w/o 2919355
  hotfix_is_vulnerable(os:"6.3", sp:0, file:"rdpcorets.dll", version:"6.3.9600.16663", min_version:"6.3.9600.16000", dir:"\system32", bulletin:bulletin, kb:"2966034") ||

  # Windows 8 / Windows Server 2012
  hotfix_is_vulnerable(os:"6.2", sp:0, file:"rdpcorets.dll", version:"6.2.9200.16912", min_version:"6.2.9200.16000", dir:"\system32", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"6.2", sp:0, file:"rdpcorets.dll", version:"6.2.9200.21035", min_version:"6.2.9200.20000", dir:"\system32", bulletin:bulletin, kb:kb) ||

  # Windows 7 SP1
  hotfix_is_vulnerable(os:"6.1", sp:1, file:"rdpcorets.dll", version:"6.2.9200.16912", min_version:"6.2.9200.16000", dir:"\system32", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"6.1", sp:1, file:"rdpcorets.dll", version:"6.2.9200.21035", min_version:"6.2.9200.20000", dir:"\system32", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"6.1", sp:1, file:"rdpcorets.dll", version:"6.1.7601.18465", min_version:"6.1.7600.18000", dir:"\system32", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"6.1", sp:1, file:"rdpcorets.dll", version:"6.1.7601.22678", min_version:"6.1.7601.22000", dir:"\system32", bulletin:bulletin, kb:kb)
)
{
  set_kb_item(name:"SMB/Missing/"+bulletin, value:TRUE);
  hotfix_security_warning();

  hotfix_check_fversion_end();
  exit(0);
}
else
{
  hotfix_check_fversion_end();
  audit(AUDIT_HOST_NOT, 'affected');
}

References