#Security Vulnerability

**Why are Confidentiality, Integrity, and Availability rated as low in CVSS?** While we cannot rule out the impact to Confidentiality, Integrity, and Availability, the ability to exploit this vulnerability by itself is limited. An attacker would need to combine this with other vulnerabilities to perform an attack.

**What version of Microsoft Defender for IoT has the update that protects from this vulnerability?** Version 22.1.2 and above. **What is the action required to take the update?** You need to update to the latest Microsoft Defender for IoT software version. See the **Update the software version section** of Manage the on-premises management console. **What is Microsoft Defender for IoT?** Microsoft Defender for IoT is a unified security solution for identifying IoT/OT devices, vulnerabilities, and threats. It enables you to secure your entire IoT/OT environment, whether you need to protect existing IoT/OT devices or build security into new IoT innovations. See Microsoft Defender for IoT for more information.

**How could an attacker exploit this vulnerability?** In the case of a Remote Desktop connection, an attacker with control of a Remote Desktop Server could trigger a remote code execution (RCE) on the RDP client machine when a victim connects to the attacking server with the vulnerable Remote Desktop Client.

**What information could be disclosed through this vulnerability?** An attacker could potentially read small portions of heap memory.

**Why is Attack Complexity marked as High for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment.

**What information could be disclosed through this vulnerability?** An attacker could potentially read small portions of heap memory.

**What version of Microsoft Defender for IoT has the update that protects from this vulnerability?** Version 22.1.2 and above. **What is the action required to take the update?** You need to update to the latest Microsoft Defender for IoT software version. See the **Update the software version section** of Manage the on-premises management console. **What is Microsoft Defender for IoT?** Microsoft Defender for IoT is a unified security solution for identifying IoT/OT devices, vulnerabilities, and threats. It enables you to secure your entire IoT/OT environment, whether you need to protect existing IoT/OT devices or build security into new IoT innovations. See Microsoft Defender for IoT for more information.

**Why is Attack Complexity marked as High for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to win a race condition.

**What information could be disclosed through this vulnerability?** An attacker could potentially read small portions of heap memory.

**Why is Attack Complexity marked as High for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to win a race condition.