Windows Remote Desktop Protocol Core Security Feature Bypass Vulnerability CVE-2021-1674 Security Vulnerability Released: Jan 12, 2021 Assigning CNA: Microsoft Impact: Security Feature Bypass Max Severity: Important CVSS Source: Microsoft CVSS:3.1 8.8 / 7.7 Metric --- Attack Vector Attack Complexity Privileges Required User Interaction Scope Confidentiality Integrity Availability Temporal score metrics (3) Exploitability Metrics (3) Remediation Level (3) Reported Date: Jan 12, 2021 Last Modified: Jan 12, 2021 References: 1. Microsoft Knowledge Base Article 2. Microsoft Security Advisory Summary: This vulnerability, identified as CVE-2021-1674, is a security feature bypass vulnerability in the Windows Remote Desktop Protocol (RDP) Core. It was released on January 12, 2021, and has a maximum severity rating of Important. The vulnerability has a CVSS score of 8.8 (3.1) for confidentiality, integrity, and availability, respectively. The attack vector is network-based, and no user interaction is required. The scope is unchanged, and the privileges required are low. The vulnerability was reported on January 12, 2021, and last modified on the same date.