Microsoft RDS is Microsoft’s Remote Desktop Service, which was introduced to implement virtualisation for end users. Its features include deployment flexibility, cost efficiency and extensibility.

Many servers use older versions of MDAC (Microsoft Data Access Components) that contain a vulnerability allowing an attacker to execute malicious commands on the server with unauthorised administrator access. The vulnerability exposes /msadc/msadcs.dll, which can be used through VbBusObj or AdvancedDataFactory to insert shell commands into a Microsoft Access database, an ODBC/JET Data Source Name (DSN) or MSSQL.

Updating the MDAC version fixes the issue. However, if an attacker gets hold of msadcs.dll, they can perform remote command execution (but not through RDS).
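
One way to check for this exposure from the defender's side, as an added example that is not part of the original page: a Python scan of IIS W3C logs for requests to /msadc/msadcs.dll, recording whether VbBusObj or AdvancedDataFactory is referenced. The log lines are constructed, and the field layout and the `normalise`/`scan` names are assumptions.

```python
from urllib.parse import unquote

TARGET = "/msadc/msadcs.dll"
OBJECTS = ("advanceddatafactory", "vbbusobj")

# Constructed IIS W3C log lines for illustration (not from a real server).
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2024-01-10 10:00:01 198.51.100.7 GET /default.htm - 200
2024-01-10 10:00:05 198.51.100.7 GET /msadc/msadcs.dll - 200
2024-01-10 10:00:09 198.51.100.7 POST /msadc/msadcs.dll/AdvancedDataFactory - 200
2024-01-10 10:00:12 203.0.113.9 POST /MSADC/%6dsadcs.dll/VbBusObj - 200
2024-01-10 10:00:20 203.0.113.9 GET /docs/msadcs.dll.txt - 404
"""

def normalise(stem):
    """Decode %xx escapes (twice, in case the logged stem is still escaped),
    unify slashes and lower-case, since IIS paths are case-insensitive."""
    for _ in range(2):
        stem = unquote(stem)
    return stem.replace("\\", "/").lower()

def scan(log_text):
    """Return one finding per request that reaches msadcs.dll."""
    fields, findings = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]          # column names for the rows below
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        path = normalise(row.get("cs-uri-stem", ""))
        if not (path == TARGET or path.startswith(TARGET + "/")):
            continue                           # e.g. /docs/msadcs.dll.txt is ignored
        obj = next((o for o in OBJECTS if o in path), None)
        # 200 plus an object name: the endpoint is reachable and being invoked.
        high = obj is not None and row.get("sc-status") == "200"
        findings.append({"client": row.get("c-ip"), "method": row.get("cs-method"),
                         "object": obj, "status": row.get("sc-status"),
                         "severity": "high" if high else "probe"})
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Any 200 response on this path means msadcs.dll is still published on that server, which is the condition the MDAC update is meant to remove.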
Using this vulnerability, an attacker can:-
Beagle recommends the following impacts:-