Microsoft Windows CVE-2016-0190 Information Disclosure Vulnerability

description-logoDescription

An information disclosure vulnerability exists in Microsoft Windows when a USB disk mounted over Remote Desktop Protocol (RDP) via Microsoft RemoteFX is not correctly tied to the session of the mounting user. An attacker who successfully exploited this vulnerability could obtain access to file and directory information on the mounting users USB disk. This update addresses the vulnerability by ensuring that access to USB disks over RDP is correctly enforced to prevent non-mounting session access.

affected-products-logoAffected Applications

Windows Server 2012

CVE References

CVE-2016-0190