AnsweredAssumed Answered

QID 90810 - Microsoft Remote Desktop Remote Code Execution Vulnerability (MS12-036)

Question asked by John Malon on Oct 24, 2019
Latest reply on Oct 28, 2019 by Robert Dell'Immagine

Dear Community,

 

We are starting to see QID 90810s showing up on our few remaining 2008 servers.  These servers were patched to current on 10/10/2019.  Prior to yesterday, we did not show this vulnerability on our servers.  The results section points to %windir%\system32\drivers\rdpwd.sys being version is 6.0.6003.20642, which we have verified is true.  However, all of the patches listed to fix the QID 90810 are from 2012 and were installed years ago.

 

The original QID came out on 6/12/2012, but it was last modified by Qualys on 10/23/2019, but it doesn't list the changes made or the reason for the change.

 

Are others seeing this issue?  Is this a false positive?

 

Thank you for your comments!

Outcomes