Release Notes
WYSE_RDP Client add-on to resolve CredSSP
Remote Code Execution security vulnerability
issue
Release type and denition
The scope of this add-on release is to update the WYSE_RDP Client to address the CredSSP Remote Code Execution vulnerability issue.
This add-on is intended for the following platforms running ThinLinux 1.0.7.x:
• Wyse 3040 thin client with ThinLinux
• Wyse 3030 LT thin client with ThinLinux
• Wyse 5060 thin client with ThinLinux
• Wyse 5020 thin client with ThinLinux—D50Q
• Wyse 7020 thin client with ThinLinux—Z50Q
For more information about the CredSSP Remote Code Execution vulnerability issue, see the article CVE-2018-0886 at
Support.microsoft.com.
Priority and recommendations
Urgent: Dell highly recommends applying this update as soon as possible. The update contains changes to improve the reliability and
availability of your Dell system.
What is new
The WYSE_RDP Client add-on addresses the CredSSP Remote Code Execution vulnerability issue.
A remote code execution vulnerability issue is observed in the Credential Security Support Provider (CredSSP) protocol. A user can use the
login credentials to execute code on the target system. This vulnerability issue can be observed on any application that uses the CredSSP
authentication. Installing this security update resolves the validation issue with CredSSP protocol during authentication.
Add-on package information
Table 28. RPM add-on details
RPM add-on details
Build le name wyse_rdpclient-8.01.04-04.002.x86_64.rpm
Size 2,002,932 bytes
6
30 WYSE_RDP Client add-on to resolve CredSSP Remote Code Execution security vulnerability issue