CVE-2022-21990: 
vulnerability analysis and mitigation

Remote Desktop Client Remote Code Execution Vulnerability (CVE-2022-21990) was disclosed in March 2022 as part of Microsoft's Patch Tuesday updates. The vulnerability affects various versions of Microsoft Windows operating systems, including Windows 10, Windows 11, and Windows Server installations (NVD, Krebs Security).

The vulnerability received a CVSS v3.1 base score of 8.8 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, indicating a network-attackable vulnerability with low attack complexity, requiring user interaction, and potentially resulting in high impacts to confidentiality, integrity, and availability. Under CVSS v2.0, it received a base score of 6.8 (MEDIUM) with the vector (AV:N/AC:M/Au:N/C:P/I:P/A:P) (NVD).

If successfully exploited, this vulnerability could allow an attacker to execute remote code on affected systems, potentially gaining the same rights as the logged-in user. The high CVSS score indicates severe potential impacts on system confidentiality, integrity, and availability (NVD).

Microsoft addressed this vulnerability as part of its March 2022 Patch Tuesday updates. Users are advised to apply the security updates provided by Microsoft to affected systems (Krebs Security, Microsoft Security).