Microsoft Security Response Center

**According to the CVSS score, the attack vector is adjacent (AV:A). What does this mean for this vulnerability?** This attack is limited to systems connected to the same network segment as the attacker. The attack cannot be performed across multiple networks (for example, a WAN) and would be limited to systems on the same network switch or virtual network.

**What privileges could be gained by an attacker who successfully exploited the vulnerability?** An attacker who successfully exploited this vulnerability could gain administrator privileges.

**What privileges could be gained by an attacker who successfully exploited this vulnerability?** An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

**According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?** The word **Remote** in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. For example, when the score indicates that the **Attack Vector** is **Local** and **User Interaction** is **Required**, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.

**How could an attacker exploit this vulnerability?** To exploit this vulnerability, a victim machine must be running a performance counter collection tool such as Performance Monitor to collect performance counter data from an attacker machine. An attacker with local admin authority on the attacker machine could run malicious code remotely in the victim machine's performance counter data collector process.

**According to the CVSS metric, privileges required is low (PR:H). What does that mean for this vulnerability?** An authenticated attacker with Site Owner permissions can use the vulnerability to inject arbitrary code and execute this code in the context of SharePoint Server.

**What privileges could be gained by an attacker who successfully exploited this vulnerability?** An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment.

**How would an attacker exploit this vulnerability?** An unauthenticated attacker could connect to the Remote Desktop Licensing Service and send a malicious message which could allow remote code execution.

**According to the CVSS metric, successful exploitation of this vulnerability could lead to total loss of availability (A:H)? What does that mean for this vulnerability?** An attacker could impact availability of the service resulting in Denial of Service (DoS).