CVE-2020-0681: 
vulnerability analysis and mitigation

A remote code execution vulnerability (CVE-2020-0681) was identified in the Windows Remote Desktop Client. The vulnerability was discovered and disclosed in February 2020, affecting Windows Remote Desktop Client users when connecting to malicious servers. This vulnerability is distinct from CVE-2020-0734 (NVD, CVE).

The vulnerability has been assigned a CVSS base score of 8.0, indicating a high severity level. The attack vector is network-based (AV:N) with high attack complexity (AC:H), requiring no authentication (Au:N), and potentially resulting in complete compromise of confidentiality, integrity, and availability (C:C/I:C/A:C) (Rapid7).

If successfully exploited, this vulnerability could allow an attacker to execute arbitrary code on the target system when a user connects to a malicious Remote Desktop server. The potential impact includes complete system compromise, affecting the confidentiality, integrity, and availability of the affected system (NVD).

Microsoft has released security updates to address this vulnerability across multiple Windows versions, including Windows 10 (versions 1507 through 1909), Windows Server 2012, Windows Server 2012 R2, Windows Server 2016, and Windows Server 2019. Users are advised to apply the appropriate security updates to mitigate this vulnerability (Rapid7).