CVE-2016-0019
Description
CVE-2016-0019 is a security bypass in Windows 10 RDP allowing remote attackers to log on to blank-password accounts via a modified client.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
The Remote Desktop Protocol (RDP) service in Microsoft Windows 10 Gold and Windows 10 version 1511 allows remote attackers to bypass intended access restrictions and establish sessions for blank-password accounts via a modified RDP client [1]. This vulnerability arises from insufficient enforcement of the default security policy that prevents remote logon for accounts without passwords.
Exploitation
An attacker needs network access to a target system running an affected version of Windows 10 and must use a specially modified RDP client. No authentication is required, as the vulnerability targets accounts that have no password set. The attacker can initiate an RDP connection to the blank-password account, gaining a remote session without proper authorization [1].
Impact
Successful exploitation allows the attacker to log on remotely as the blank-password user. This results in unauthorized access to the system, potentially leading to further compromise depending on the privileges of the account. The vulnerability is classified as a security bypass, with the attacker gaining interactive access to the target [1].
Mitigation
Microsoft released security update MS16-007 (KB3124901) on January 12, 2016, which addresses this vulnerability by enforcing the default setting that does not allow remote logon for accounts without passwords [1]. Affected users should apply the update immediately. No workarounds are documented; upgrading to a supported version is recommended for systems past their support life cycle.
AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
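An exposure audit for the preconditions named above (RDP reachable, local accounts that may have no password), written as an added example and not taken from Microsoft's bulletin or this page. The function name is hypothetical; the build numbers 10240 (Windows 10 Gold) and 10586 (version 1511) and the registry values are assumptions not stated on the page. `PasswordRequired = False` means an account is permitted to have no password, not that its password is confirmed blank.

```powershell
# Added example: local audit for the conditions described in CVE-2016-0019.
# Read-only; run in an elevated PowerShell session on the host being checked.
function Get-BlankPasswordRdpExposure {
    [CmdletBinding()]
    param()

    # Assumption: build 10240 = Windows 10 Gold, build 10586 = version 1511.
    # An affected release can still be fully patched; this only flags the release.
    $build = (Get-CimInstance -ClassName Win32_OperatingSystem).BuildNumber

    # fDenyTSConnections = 0 means the host accepts Remote Desktop connections.
    $ts = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server' `
                           -Name fDenyTSConnections -ErrorAction SilentlyContinue
    $rdpEnabled = ($null -ne $ts) -and ($ts.fDenyTSConnections -eq 0)

    # Policy "Accounts: Limit local account use of blank passwords to console
    # logon only". 1 = restricted to console logon. Reported raw; $null = not set.
    $lsa = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa' `
                            -Name LimitBlankPasswordUse -ErrorAction SilentlyContinue
    $limit = if ($null -ne $lsa) { $lsa.LimitBlankPasswordUse } else { $null }

    # Enabled local accounts that are allowed to exist without a password.
    $accounts = @(
        Get-CimInstance -ClassName Win32_UserAccount -Filter 'LocalAccount=True' |
            Where-Object { -not $_.Disabled -and -not $_.PasswordRequired } |
            Select-Object -ExpandProperty Name
    )

    [pscustomobject]@{
        ComputerName                  = $env:COMPUTERNAME
        BuildNumber                   = $build
        AffectedRelease               = $build -in '10240', '10586'
        RdpEnabled                    = $rdpEnabled
        LimitBlankPasswordUse         = $limit
        AccountsAllowingBlankPassword = $accounts
        # The policy value is not part of this flag: on an unpatched host the
        # RDP service is what fails to enforce it.
        NeedsReview                   = $rdpEnabled -and ($accounts.Count -gt 0)
    }
}

Get-BlankPasswordRdpExposure | Format-List
```

A host with `NeedsReview = True` on an affected release should have its update level confirmed and the listed accounts given passwords or disabled.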
Affected products
- cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:x64:*
- cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:x86:*
- cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:x64:*
- cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:x86:*
- (no CPE) range: Gold, 1511
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References (2)
News mentions
No linked articles in our index yet.