CVE-2020-0919

7.8 HIGH

📋 TL;DR

This vulnerability allows attackers to load unsigned binaries in Microsoft Remote Desktop App for Mac, potentially enabling privilege escalation. It affects users running vulnerable versions of the Remote Desktop App on macOS systems. Successful exploitation could allow an attacker to execute arbitrary code with elevated privileges.

💻 Affected Systems

Products:
  • Microsoft Remote Desktop App for Mac
Versions: prior to 10.3.7
Operating Systems: macOS
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects Microsoft Remote Desktop App for Mac, not Windows Remote Desktop or other remote desktop solutions.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attacker gains full system control by loading malicious unsigned binaries with elevated privileges, potentially leading to complete system compromise, data theft, or ransomware deployment.

🟠 Likely Case

Local attacker or malware with initial access escalates privileges to install persistent backdoors, access sensitive data, or bypass security controls.

🟢 If Mitigated

With proper patch management and least privilege principles, impact is limited to isolated incidents that can be quickly contained and remediated.

🌐 Internet-Facing: LOW - This is primarily a local privilege escalation vulnerability requiring initial access to the system.
🏢 Internal Only: MEDIUM - Internal attackers or malware with initial foothold could exploit this to escalate privileges and move laterally.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires local access or the ability to execute code on the target system. No public exploit code had been disclosed at the time of the advisory.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 10.3.7 or later

Vendor Advisory: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0919

Restart Required: Yes

Instructions:

1. Open Microsoft Remote Desktop App for Mac.
2. Go to Help > Check for Updates.
3. Install version 10.3.7 or later.
4. Restart the application.

🔧 Temporary Workarounds

Disable or Remove Vulnerable Application

all

Uninstall Microsoft Remote Desktop App for Mac if not required, or restrict its use to non-privileged accounts.

sudo rm -rf /Applications/Microsoft\ Remote\ Desktop.app

Implement Application Whitelisting

all

Use macOS security features or third-party tools to restrict execution of unsigned binaries.

🧯 If You Can't Patch

  • Run Remote Desktop App with non-administrative privileges only
  • Implement strict endpoint detection and monitoring for privilege escalation attempts

🔍 How to Verify

Check if Vulnerable:

Check Microsoft Remote Desktop App version in the application's About dialog or via: mdls -name kMDItemVersion /Applications/Microsoft\ Remote\ Desktop.app

Check Version:

mdls -name kMDItemVersion /Applications/Microsoft\ Remote\ Desktop.app 2>/dev/null || echo "Application not found"

Verify Fix Applied:

Verify version is 10.3.7 or higher using the same command and ensure the application has been restarted.
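
The version check above as a script, added here as an example (not from the vendor advisory): it parses the mdls output and compares it field by field against 10.3.7, so a build such as 10.3.10 is not misread as older than 10.3.7. The function names and the sample mdls line are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify a Microsoft Remote Desktop for Mac install
# against the fixed version named in this advisory.
FIXED_VERSION="10.3.7"
APP="/Applications/Microsoft Remote Desktop.app"

# Extract the version from `mdls -name kMDItemVersion` output,
# e.g.  kMDItemVersion = "10.3.6"  ->  10.3.6
# Prints nothing when the attribute is missing ("(null)").
parse_mdls_version() {
    printf '%s\n' "$1" |
        sed -n 's/^kMDItemVersion *= *"\([0-9][0-9.]*\)".*$/\1/p'
}

# Return 0 if dotted version $1 is strictly lower than $2.
# Fields are compared numerically; missing fields count as 0.
version_lt() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        [ "$a" = "$x" ] && a="" || a=${a#*.}
        [ "$b" = "$y" ] && b="" || b=${b#*.}
        x=${x:-0}; y=${y:-0}
        [ "$x" -lt "$y" ] && return 0
        [ "$x" -gt "$y" ] && return 1
    done
    return 1
}

# Print VULNERABLE, PATCHED or UNKNOWN for a given mdls output string.
classify() {
    v=$(parse_mdls_version "$1")
    if [ -z "$v" ]; then
        echo "UNKNOWN"
    elif version_lt "$v" "$FIXED_VERSION"; then
        echo "VULNERABLE ($v)"
    else
        echo "PATCHED ($v)"
    fi
}

if command -v mdls >/dev/null 2>&1 && [ -d "$APP" ]; then
    classify "$(mdls -name kMDItemVersion "$APP" 2>/dev/null)"
else
    # Constructed sample output, used when the app or mdls is not present
    classify 'kMDItemVersion = "10.3.6"'
fi
```

An UNKNOWN result means the version metadata could not be read; confirm the version in the application's About dialog instead.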

📡 Detection & Monitoring

Log Indicators:

  • Unusual process execution from Remote Desktop App context
  • Privilege escalation attempts in system logs
  • Loading of unsigned binaries by rdclient processes

Network Indicators:

  • Unusual outbound connections from rdclient processes
  • Lateral movement attempts following privilege escalation

SIEM Query:

process_name:"rdclient" AND (event_type:"process_execution" OR event_type:"privilege_escalation")
