CVE-2014-6318

Microsoft Windows - Remote Desktop Protocol Improper Authentication

Title source: llm

Description

The audit logon feature in Remote Desktop Protocol (RDP) in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly log unauthorized login attempts supplying valid credentials, which makes it easier for remote attackers to bypass intended access restrictions via a series of attempts, aka "Remote Desktop Protocol (RDP) Failure to Audit Vulnerability."

References (4)

Core 4

Core References

Patch, Vendor Advisory vendor-advisory x_refsource_ms

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-074

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/70981

Vendor Advisory x_refsource_confirm

http://blogs.technet.com/b/srd/archive/2014/11/11/assessing-risk-for-the-november-2014-security-updates.aspx

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/60089

Scores

EPSS 0.1138

EPSS Percentile 95.4%

Details

CWE

CWE-287

Status published

Products (10)

microsoft/windows_7

microsoft/windows_8

microsoft/windows_8.1

microsoft/windows_rt

microsoft/windows_rt_8.1

microsoft/windows_server_2008

microsoft/windows_server_2008 r2 sp1 (2 CPE variants)

microsoft/windows_server_2012

microsoft/windows_server_2012 r2

microsoft/windows_vista

Published Nov 11, 2014

Tracked Since Feb 18, 2026