CVE-2022-39195 is a vulnerability that affects the Remote Desktop Protocol (RDP) in Windows 10 and Windows Server. It allows an attacker to bypass the Network Level Authentication (NLA) security feature, which requires users to authenticate before establishing a remote desktop connection. This vulnerability could potentially lead to a complete compromise of the target system, as an attacker with network access to the RDP server could execute arbitrary code remotely.
The vulnerability was discovered on May 26, 2022, by researchers from McAfee's Advanced Threat Research team. They reported it to Microsoft, who released a patch for it as part of its June 2022 Patch Tuesday updates. The vulnerability is rated as critical, with a CVSS score of 9.8 out of 10.
There have been no known instances of this vulnerability being exploited in the wild at the time of discovery or since it was patched. However, given the potential impact of this vulnerability, it is important for organizations using RDP to apply the necessary patches as soon as possible to minimize their risk exposure.