This blog post discusses the details of a vulnerability we recently uncovered in Windows Remote Desktop Services. We reported the vulnerability to Microsoft through a coordinated disclosure process. Microsoft has released a fix in the latest security update, and the vulnerability is now identified as CVE-2022-21893.
TL;DR
This vulnerability enables any standard unprivileged user connected to a remote machine via remote desktop to gain file system access to the client machines…