Vulnerabilities > CVE-2014-0296 - Cryptographic Issues vulnerability in Microsoft products

047910
CVSS 5.1 - MEDIUM
Attack vector
NETWORK
Attack complexity
HIGH
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
high complexity
microsoft
CWE-310
nessus

Summary

The Remote Desktop Protocol (RDP) implementation in Microsoft Windows 7 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 does not properly encrypt sessions, which makes it easier for man-in-the-middle attackers to obtain sensitive information by sniffing the network or modify session content by sending crafted RDP packets, aka "RDP MAC Vulnerability."

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Signature Spoofing by Key Recreation
    An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.

Msbulletin

bulletin_id: MS14-030
bulletin_url:
date: 2014-06-10T00:00:00
impact: Tampering
knowledgebase_id: 2969259
knowledgebase_url:
severity: Important
title: Vulnerability in Remote Desktop Could Allow Tampering

Nessus

NASL family: Windows : Microsoft Bulletins
NASL id: SMB_NT_MS14-030.NASL
description: The remote Windows host is affected by a tampering vulnerability due to an encryption weakness in the Remote Desktop Protocol (RDP). An attacker could exploit this vulnerability to modify the traffic content of an active RDP session.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 74422
published: 2014-06-11
reporter: This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/74422
title: MS14-030: Vulnerability in Remote Desktop Could Allow Tampering (2969259)
code
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

# Plugin metadata. When the script is run with `description` set, it only
# registers the identifiers, report text, scoring and prerequisites below and
# then exits without touching the target.
if (description)
{
  script_id(74422);
  script_version("1.8");
  script_cvs_date("Date: 2019/11/26");

  # Cross-references: the CVE, the Bugtraq ID, the bulletin, and the two
  # update KBs that the check logic later in this file looks for.
  script_cve_id("CVE-2014-0296");
  script_bugtraq_id(67865);
  script_xref(name:"MSFT", value:"MS14-030");
  script_xref(name:"MSKB", value:"2966034");
  script_xref(name:"MSKB", value:"2965788");

  # The number in the title (2969259) is the bulletin's own KB article, not
  # one of the update KBs listed in the MSKB xrefs above.
  script_name(english:"MS14-030: Vulnerability in Remote Desktop Could Allow Tampering (2969259)");
  # Detection is a file-version comparison on rdpcorets.dll, not a probe of
  # the RDP service itself.
  script_summary(english:"Checks version of rdpcorets.dll.");

  script_set_attribute(attribute:"synopsis", value:
"The remote Windows host is affected by a tampering vulnerability.");
  script_set_attribute(attribute:"description", value:
"The remote Windows host is affected by a tampering vulnerability due
to an encryption weakness in the Remote Desktop Protocol (RDP). An
attacker could exploit this vulnerability to modify the traffic
content of an active RDP session.");
  script_set_attribute(attribute:"see_also", value:"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2014/ms14-030");
  script_set_attribute(attribute:"solution", value:
"Microsoft has released a set of patches for Windows 7, 8, 2012, 8.1,
and 2012 R2.");
  # CVSS v2 base vector: network access vector, high access complexity, no
  # authentication, partial confidentiality / integrity / availability impact.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P");
  # CVSS v2 temporal vector: exploitability unproven (E:U), official fix
  # available (RL:OF), report confidence confirmed (RC:C).
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2014-0296");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2014/06/10");
  script_set_attribute(attribute:"patch_publication_date", value:"2014/06/10");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/11");

  # "local" plugin type: the result comes from data read off the host (file
  # versions / patch inventory) rather than from remote service behaviour.
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows : Microsoft Bulletins");

  script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  # Prerequisites: the two dependency scripts must have run, the
  # "SMB/MS_Bulletin_Checks/Possible" KB item must exist, and one of the SMB
  # ports or the patch-management KB item must be available.
  # NOTE(review): presumably this means the check only produces results on
  # scans with SMB credentials or patch-management data - confirm against the
  # dependency scripts, which are not shown here.
  script_dependencies("smb_hotfixes.nasl", "ms_bulletin_checks_possible.nasl");
  script_require_keys("SMB/MS_Bulletin_Checks/Possible");
  script_require_ports(139, 445, "Host/patch_management_checks");

  exit(0);
}

include("audit.inc");
include("smb_hotfixes_fcheck.inc");
include("smb_hotfixes.inc");
include("smb_func.inc");
include("misc_func.inc");

# Check logic for MS14-030 (CVE-2014-0296): decide from the version of
# rdpcorets.dll under \system32 whether the host is missing the update, then
# report or audit out. Nothing in this block checks whether Remote Desktop is
# enabled or reachable, so a finding means "patch missing", not "RDP exposed".

# Stop unless the bulletin-check prerequisite was recorded in the KB.
get_kb_item_or_exit("SMB/MS_Bulletin_Checks/Possible");

bulletin = 'MS14-030';
# Default update KB passed to most of the file checks below.
kb = '2965788';

kbs = make_list(
  2966034,  # Windows 8.1/2012 R2 w/o 2919355
  2965788   # Everything else.
);

# When patch-management data is present in the KB, hand the bulletin and KB
# list to the third-party patch check at warning severity.
# NOTE(review): hotfix_check_3rd_party is defined in an include not shown
# here; whether it exits or returns on its own should be confirmed there.
if (get_kb_item("Host/patch_management_checks")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_WARNING);

# The file-version path needs an enumerated registry and a known Windows version.
get_kb_item_or_exit("SMB/Registry/Enumerated");
get_kb_item_or_exit("SMB/WindowsVersion", exit_code:1);

# Only Windows 7 SP1, Windows 8 SP0 and Windows 8.1 SP0 families are in scope;
# anything else is audited out as not vulnerable at this OS / service pack.
if (hotfix_check_sp_range(win7:'1', win8:'0', win81:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);

# Server 2008 is not affected.
# The test is a substring match on the product name, so a product name
# containing "Server 2008 R2" is excluded by it as well.
product_name = get_kb_item_or_exit("SMB/ProductName", exit_code:1);
if ("Server 2008" >< product_name) audit(AUDIT_INST_VER_NOT_VULN, product_name);

# The file checks read the system drive over an SMB share; give up with a
# share-failure audit if it cannot be accessed.
share = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);
if (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);

# Each hotfix_is_vulnerable() call names an OS version, service pack, file,
# fixed version and lower bound. The calls are joined with ||, so evaluation
# stops at the first one that returns true.
# NOTE(review): presumably a file is flagged when min_version <= its version
# < version; the exact comparison lives in smb_hotfixes_fcheck.inc - confirm.
if (
  # 8.1 / 2012 R2
  hotfix_is_vulnerable(os:"6.3", sp:0, file:"rdpcorets.dll", version:"6.3.9600.17116", min_version:"6.3.9600.17000", dir:"\system32", bulletin:bulletin, kb:kb) ||
  # Windows 8.1/2012 R2 w/o 2919355
  hotfix_is_vulnerable(os:"6.3", sp:0, file:"rdpcorets.dll", version:"6.3.9600.16663", min_version:"6.3.9600.16000", dir:"\system32", bulletin:bulletin, kb:"2966034") ||

  # Windows 8 / Windows Server 2012
  hotfix_is_vulnerable(os:"6.2", sp:0, file:"rdpcorets.dll", version:"6.2.9200.16912", min_version:"6.2.9200.16000", dir:"\system32", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"6.2", sp:0, file:"rdpcorets.dll", version:"6.2.9200.21035", min_version:"6.2.9200.20000", dir:"\system32", bulletin:bulletin, kb:kb) ||

  # Windows 7 SP1
  # The first two rows look for 6.2.9200.x builds of rdpcorets.dll on a 6.1 OS.
  # NOTE(review): presumably these cover hosts with a newer RDP component
  # installed on Windows 7 - confirm against the bulletin's affected-software table.
  hotfix_is_vulnerable(os:"6.1", sp:1, file:"rdpcorets.dll", version:"6.2.9200.16912", min_version:"6.2.9200.16000", dir:"\system32", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"6.1", sp:1, file:"rdpcorets.dll", version:"6.2.9200.21035", min_version:"6.2.9200.20000", dir:"\system32", bulletin:bulletin, kb:kb) ||
  # NOTE(review): this lower bound uses build 7600 while the next row uses
  # 7601; with sp:1 it only widens the range - confirm it is intentional.
  hotfix_is_vulnerable(os:"6.1", sp:1, file:"rdpcorets.dll", version:"6.1.7601.18465", min_version:"6.1.7600.18000", dir:"\system32", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"6.1", sp:1, file:"rdpcorets.dll", version:"6.1.7601.22678", min_version:"6.1.7601.22000", dir:"\system32", bulletin:bulletin, kb:kb)
)
{
  # Record the missing bulletin in the KB and emit a warning-level finding.
  set_kb_item(name:"SMB/Missing/"+bulletin, value:TRUE);
  hotfix_security_warning();

  # Finish the file-version check session before exiting.
  hotfix_check_fversion_end();
  exit(0);
}
else
{
  # No row matched: finish the file-version check session and audit out as
  # not affected.
  hotfix_check_fversion_end();
  audit(AUDIT_HOST_NOT, 'affected');
}