I'm a bit unclear about one specific vulnerability about Remote Desktop (CVE-2005-1794). Microsoft knowledge base does not seem to address it well. Basically the description of the vunlnerability from Mitre is:
"Microsoft Terminal Server using Remote Desktop Protocol (RDP) 5.2 stores an RSA private key in mstlsapi.dll and uses it to sign a certificate, which allows remote attackers to spoof public keys of legitimate servers and conduct man-in-the-middle attacks."
I understand that there is no patch for this vulnerability on 5.2. My guess is this may be a false positive from my VA appliance for the following reasons because windows does not report the version of the Remote Desktop Protocol Terminal Services and thus, the VA scanner would think the version is still 5.2.
However, I would like to know was this vulnerability fixed in 6.0 and beyond? There's nothing on the Microsoft website that says it was fixed.
Also, what would be the best way to check the version on my machine? What I'm doing right now is checking the termsrv.dll and looking for the version under properties. Would that be sufficient?