Microsoft RDP vulnerability makes it a breeze for attackers to become men-in-the-middle

The Microsoft RDP vulnerability is a serious problem, but with a few caveats: It’s been patched, and experts say it may be less likely to happen than it seems at first glance.


Image: Shutterstock/BeeBright

A recently discovered vulnerability in Microsoft’s remote desktop protocol (RDP) goes back to Windows Server 2012 R2 and lets anyone who can connect to an RDP session gain near total control over other RDP users, launching a man-in-the-middle attack

Discovered by security researchers at CyberArk, the vulnerability has already been disclosed to Microsoft, which has in turn released a security update to fix it. Let that be your first warning: If your organization uses RDP, be sure you update affected systems as soon as possible.

The vulnerability occurs due to several factors, and “enables any standard unprivileged user connected to a remote machine via remote desktop to gain file system access to the client machines of other connected users, to view and modify clipboard data of other connected users, and to impersonate the identity of other users logged on to the machine using smart cards,” said the report’s author, Gabriel Sztejnworcel.

SEE: Password breach: Why pop culture and passwords don’t mix (free PDF) (TechRepublic)

To briefly explain, RDP uses logical connections called “pipes” to split a single connection into various virtual channels. For example, when a user connects to RDP, different pipes are created to handle visual output, drive mapping, the clipboard, user input and other types of data. 

Each of the pipes that an RDP server creates are named, and depending on the security settings of a pipe, duplicates with the same name can be created to handle multiple simultaneous connections. Names all start with TSVCPIPE and are followed with a GUID for the particular service that is randomly generated at creation, and each session uses the same named pipe. 

Herein lies the problem: “It turns out that the TSVCPIPE security descriptor allows any user to create pipe server instances of the same name. Moreover, the data is sent over the pipes in clear text and without any integrity checks,” the report said. 

So, if an attacker can connect to RDP, all they need to do is create a duplicate pipe and wait for a new connection. RDP automatically connects to the service that was created first, so when a new user connects, the existing malicious pipe will be the one their machine automatically connects to. At that point, the attacker controls both ends of the pipe and can read, pass and modify data between the client and host. 

In testing, Sztejnworcel said his team was able to use the vulnerability to gain access to a victim’s drives and files, as well as hijacking smart cards used for login to impersonate users and escalate privileges. 

How worried should you be about your vulnerable RDP?

Chris Clements, VP of solutions architecture at cybersecurity firm Cerberus Sentinel, said that, while the vulnerability is serious, it’s offset by the fact that an attacker has to already have gained access to an organization’s RDP service to initiate the attack. 

Clements warns that, even with that caveat, there’s still cause for concern, especially for organizations that have an internet-facing RDP system that acts as a shared terminal with multiple simultaneous connections. “An attacker that was able to gain access to even a low-privileged account could exploit this vulnerability to pivot throughout the victim’s organization and cause significant damage,” Clements said. 

Erich Kron, a security awareness advocate at KnowBe4, said the COVID-19 crisis and the shift to remote work have given bad actors a lot of new opportunities to exploit this vulnerability that they may not have had before. Websites like, which maps internet-connected devices into a searchable database, make the potential for misuse even higher, he said.

SEE: Google Chrome: Security and UI tips you need to know (TechRepublic Premium)

It’s worth noting that Shodan has legitimate uses, and it’s not a free service. That said, anyone who really wants to use it for nefarious purposes probably isn’t stopped by the need to fork over the $59 needed for a month of access.

“Whenever using RDP for remote access to their network, and especially with this vulnerability active, organizations should consider making any current RDP services only available through a VPN, removing direct access to the internet,” Kron said. 

Kron also recommends the same things security professionals and business leaders have been hearing for years: Enable multi factor authentication, log all failed connection attempts and review them regularly, and train employees in good password practices and security habits. 

Also see

Source link

istanbul escort aksaray escort arnavutköy escort ataköy escort avcılar escort avcılar türbanlı escort avrupa yakası escort bağcılar escort bahçelievler escort bahçeşehir escort bakırköy escort başakşehir escort bayrampaşa escort beşiktaş escort beykent escort beylikdüzü escort beylikdüzü türbanlı escort beyoğlu escort büyükçekmece escort cevizlibağ escort çapa escort çatalca escort esenler escort esenyurt escort esenyurt türbanlı escort etiler escort eyüp escort fatih escort fındıkzade escort florya escort gaziosmanpaşa escort güneşli escort güngören escort halkalı escort ikitelli escort istanbul escort kağıthane escort kayaşehir escort küçükçekmece escort mecidiyeköy escort merter escort nişantaşı escort sarıyer escort sefaköy escort silivri escort sultangazi escort suriyeli escort şirinevler escort şişli escort taksim escort topkapı escort yenibosna escort zeytinburnu escort porno 1080p porno izle 4k porno izle 720p porno izle abella danger alman alman porno alman porno izle aloha tube porno amatör amatör porno amatör porno izle anal anal porno anal porno izle arap porno asa akira porno asyalı porno bangbros porno bangbros porno izle banyoda sikis başörtülü porno beeg porno izle beyaz tenli porno izle biseksuel porno izle bisexsuel porno brandi love porno brazzers brazzers porno izle canli porno canli porno izle çinli porno çinli porno izle ensest porno ensest porno izle ensest seks erotik porno erotik porno izle esmer porno esmer porno izle etek altı fake agent fake taxi fake taxi porno fantazi pornoları fantezi porno izle fetiş porno fetiş porno izle fetish fransız porno fransız porno izle full hd hg porno izle gangbang porno genç kız porno izle genç kız sikişi genç teen porno izle gizli çekim porno gizli çekim pornosu grup pornosu grup porno grup porno izle hd pornolar hd porno hd porno izle hemşire porno hemşire pornosu hizmetçi porno hizmetçi porno izle ingiliz porno japon pornoları japon porno kızlık bozma kızlık bozma porno izle konulu porno konulu porno izle koreli porno köylü pornoları kumral porno kumral porno izle latin pornoları latin porno latin porno izle lezbiyen pornoları lezbiyen porno lezbiyen porno izle lisa ann porno liseli pornoları liseli porno liseli porno izle manken porno manken porno izle masaj porno izle masturbasyon porno izle masturbasyon pornoları mature porno mia khalifa porno mia malkova porno milf porno izle mobil porno mobil porno izle öğrenci porno izle öğretmen porno izle okul porno izle olgun kadın pornosu olgun porno oral porno oral porno izle oral seks porna izle pornhub pornhub porno izle porno film izle porno indir porno izle porno resimler porno star porntube porno izle redtube redtube pornoları riley reid porno rokettube rus pornoları rus porno rus porno izle sakso blowjob porno izle sarışın pornoları sarışın porno sarışın porno izle sarışın pornoları sekreter porno shemale sikiş sikiş sikiş izle şişman porno siyahi pornoları suriyeli pornoları swinger porno tecavüz porno teen porn türbanlı pornoları türbanlı porno türk pornoları türk porno türk porno izle türkçe altyazılı porno türkçe altyazılı porno izle xhamster pornoları xhamster porno xhamster porno izle xnxx xnxx porno xnxx porno izle xvideos xvideos porno izle yaşlı porno yeşilçam porno izle youjizz youporn youporn porno izle zenci porno güvenilir bahis siteleri bahis siteleri casino deneme bonusu casino siteleri deneme bonusu para yatırma bonusu bahis siteleri casino siteleribahis sitesi para yatırma