Remote Desktop Protocol hacking

You’ve always been warned not to share remote access to your
computer with any untrusted people for many reasons—it’s basic
cyber security advice, and common sense, right?

But what if I told you that you should not even trust anyone who
invites or offers you full remote access to their computer?

Security researchers at cybersecurity firm Check Point have
discovered[1] more than two dozen vulnerabilities in open-source RDP
clients and in Microsoft's own proprietary client that could allow a
malicious RDP server to compromise the computer of a client that
connects to it, reversing the usual direction of attack.

RDP, or Remote Desktop Protocol, allows users to connect to
remote computers. The protocol is usually used by technical users
and IT administrators to remotely connect to other devices on the
network.

RDP was initially developed by Microsoft for its Windows operating
system, but there are several open-source clients for the protocol
that can be used on Linux and other Unix-like systems as well.

Check Point researchers recently conducted a detailed analysis of
three of the most commonly used RDP clients, FreeRDP, rdesktop and
the built-in Windows RDP client, and identified a total of 25
security flaws, some of which could allow a malicious RDP server to
remotely take control of the computer running the client software.

FreeRDP, the most popular and mature open-source RDP client on
Github, has been found vulnerable to six vulnerabilities, five of
which are major memory corruption issues that could even result in
remote code execution on the client’s computer.

rdesktop, an older open-source RDP client that comes by default in
Kali Linux distributions, has been found to be the most vulnerable
RDP client with a total of 19 vulnerabilities, 11 of which could
allow a malicious RDP server to execute arbitrary code on the
client’s computer.

Though the researchers found no remote code execution flaw in the
Windows built-in RDP client (mstsc.exe), they described some
interesting attack scenarios made possible by clipboard redirection:
the client and the server share clipboard data over the RDP
connection, so each side can read and modify what the other copies.

“A malicious RDP server can eavesdrop on the client’s
clipboard—this is a feature, not a bug. For example, the client
locally copies an admin password, and now the server has it too,”
researchers say while explaining the first attack scenario.

“A malicious RDP server can modify any clipboard content used by
the client, even if the client does not issue a ‘copy’ operation
inside the RDP window. If you click ‘paste’ when an RDP connection
is open, you are vulnerable to this kind of attack,” reads the
second attack scenario.

What's more, in a demonstration video the researchers showed how the
clipboard attack against Microsoft's own client can go beyond text.
When files are copied on the server and pasted on the client, the
server supplies the file names, and a name containing path-traversal
components ("..\") makes the client write the file outside the folder
the user pasted into. In the demo, a malicious RDP server used this
to drop a file into the Windows Startup folder, from where it is
executed automatically every time the user logs in.
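
The file-paste case works because the server, not the user, names the
files that arrive through the clipboard channel. The following Python
is an added example, not Check Point's proof of concept and not code
from any RDP client: it models the check a client should apply to
server-supplied clipboard file names before writing them, using
Windows path rules so it runs on any host. The paste directory and
the list of server-supplied names are constructed for illustration.

```python
import ntpath

# Hypothetical local folder the user pastes into.
PASTE_DIR = "C:\\Users\\victim\\Desktop"

# Constructed sample: file names as a malicious RDP server could advertise
# them in the clipboard file list; the client must not trust any of them.
SERVER_SUPPLIED_NAMES = [
    "report.docx",                                   # plain name, fine
    "quarter\\summary.xlsx",                         # subfolder, fine
    "notes\\..\\ok.txt",                             # ".." that stays inside, fine
    "..\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\run.bat",
    "C:\\Windows\\System32\\evil.dll",               # absolute path
    "\\\\attacker\\share\\payload.exe",              # UNC path
    "../sibling.txt",                                # forward slashes count too
    "notes\\..\\..\\escape.txt",                     # ".." that leaves the folder
    "",                                              # empty name
]


def safe_paste_path(paste_dir, remote_name):
    """Return the local path a clipboard file may be written to, or None.

    Uses Windows path rules (ntpath) regardless of the host OS. A name is
    accepted only if, after joining it to paste_dir and collapsing '.' and
    '..', the result still lies strictly below paste_dir.
    """
    if not remote_name:
        return None
    drive, _ = ntpath.splitdrive(remote_name)
    if drive or remote_name[0] in "\\/":
        return None                      # absolute, drive-relative or UNC name
    base = ntpath.normpath(paste_dir)
    candidate = ntpath.normpath(ntpath.join(base, remote_name))
    # Case-insensitive prefix check; the trailing separator stops
    # "...\Desktop2\x" from passing as being inside "...\Desktop".
    if not ntpath.normcase(candidate).startswith(ntpath.normcase(base) + "\\"):
        return None
    return candidate


def triage(paste_dir, names):
    """Split server-supplied names into (accepted, rejected) lists."""
    accepted, rejected = [], []
    for name in names:
        (accepted if safe_paste_path(paste_dir, name) else rejected).append(name)
    return accepted, rejected


if __name__ == "__main__":
    ok, bad = triage(PASTE_DIR, SERVER_SUPPLIED_NAMES)
    for name in ok:
        print("write  ", safe_paste_path(PASTE_DIR, name))
    for name in bad:
        print("REJECT ", repr(name))
```

The check normalises first and compares afterwards; rejecting names
that merely contain ".." would be stricter than necessary, while
comparing before normalisation would miss "notes\..\..\escape.txt".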

Researchers reported the vulnerabilities to the developers of the
impacted RDP clients in October 2018. FreeRDP patched the flaws as
part of its v2.0.0-rc4 release and published it on its GitHub
repository less than a month after being notified.

rdesktop patched the issues as part of its v1.8.4 release, rolled out
in mid-January 2019.

Microsoft acknowledged the researchers’ findings but decided not to
address the issues. The tech giant said: “We determined your
finding is valid but does not meet our bar for servicing. For more
information, please see the Microsoft Security Servicing Criteria
for Windows (https://aka.ms/windowscriteria).”

However, users of the Windows RDP client can protect themselves
against the attacks demonstrated by the researchers by simply
disabling clipboard sharing, which is enabled by default, when
connecting to a remote machine: in mstsc, uncheck "Clipboard" under
Show Options > Local Resources, or set redirectclipboard:i:0 in the
saved .rdp connection file. Users of FreeRDP and rdesktop should
update to the patched releases.
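
To make that mitigation checkable rather than a manual checkbox, here
is an added Python example (not from the article, Check Point or
Microsoft) that audits a saved mstsc .rdp connection file for
clipboard redirection and rewrites it with redirection turned off. The
.rdp format is plain "name:type:value" lines, and mstsc treats a
missing redirectclipboard key as enabled. It goes slightly beyond the
text by also flagging drive redirection (drivestoredirect), since a
malicious server can read whatever drives a client redirects to it.
The sample file content, host name and user name are constructed.

```python
# Constructed sample: the relevant lines of a connection file as mstsc
# "Save As" writes them (host name and user name are hypothetical).
WEAK_RDP = """\
screen mode id:i:2
full address:s:rdp.example.test:3389
username:s:admin
redirectclipboard:i:1
drivestoredirect:s:*
redirectprinters:i:1
authentication level:i:2
"""


def parse_rdp(text):
    """Parse 'name:type:value' lines into {name: (type, value)}.

    Only the first two colons are separators, so values such as
    'host:3389' survive intact.
    """
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.count(":") < 2:
            continue
        name, typ, value = line.split(":", 2)
        settings[name] = (typ, value)
    return settings


def audit_rdp(text):
    """Return a list of findings; an absent key means mstsc's default applies."""
    settings = parse_rdp(text)
    findings = []
    # mstsc default when the key is missing: clipboard redirection on.
    _, value = settings.get("redirectclipboard", ("i", "1"))
    if value != "0":
        findings.append("clipboard redirection enabled")
    # Empty drivestoredirect means no drives are shared; "*" shares all.
    _, value = settings.get("drivestoredirect", ("s", ""))
    if value:
        findings.append(f"drive redirection enabled ({value})")
    return findings


def harden_rdp(text):
    """Return the file with clipboard and drive redirection explicitly disabled."""
    kept = [line for line in text.splitlines()
            if line.split(":", 1)[0] not in ("redirectclipboard", "drivestoredirect")]
    kept += ["redirectclipboard:i:0", "drivestoredirect:s:"]
    return "\n".join(kept) + "\n"


if __name__ == "__main__":
    print("before:", audit_rdp(WEAK_RDP))
    hardened = harden_rdp(WEAK_RDP)
    print("after: ", audit_rdp(hardened))
    print(hardened)
```

Write the hardened text to a .rdp file and open it with mstsc; the
Clipboard box under Local Resources then shows as unchecked. Note that
the setting lives in the client, so it protects only connections made
from that file, and pasting text in either direction stops working
for that session.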

References

  1. discovered (research.checkpoint.com)
