This security update resolves a privately reported vulnerability in the TS WebProxy component in Windows 7 and Windows Server 2008 R2 if the Remote Desktop Connection 8.0 client update is installed. The vulnerability could allow elevation of privilege if an attacker convinces a user to run a specially crafted application. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on by using administrative user rights, an attacker could then do the following:
Customers whose accounts are configured to have fewer user rights on the system could be less affected than users who operate by using administrative user rights.
- Install programs
- View, change, or delete data
- Create new accounts that have full user rights
Customers whose accounts are configured to have fewer user rights on the system could be less affected than users who operate by using administrative user rights.