-->
The Hacker News Logo
Subscribe to Newsletter

The Hacker News - Cybersecurity News and Analysis: Remote Desktop Services

Improper Microsoft Patch for Reverse RDP Attacks Leaves 3rd-Party RDP Clients Vulnerable

Improper Microsoft Patch for Reverse RDP Attacks Leaves 3rd-Party RDP Clients Vulnerable

May 14, 2020Ravie Lakshmanan
Remember the Reverse RDP Attack —wherein a client system vulnerable to a path traversal vulnerability could get compromised when remotely accessing a server over Microsoft's Remote Desktop Protocol? Though Microsoft had patched the vulnerability (CVE-2019-0887) as part of its July 2019 Patch Tuesday update, it turns out researchers were able to bypass the patch just by replacing the backward slashes in paths with forward slashes. Microsoft acknowledged the improper fix and re-patched the flaw in its February 2020 Patch Tuesday update earlier this year, now tracked as CVE-2020-0655. In the latest report shared with The Hacker News, Check Point researcher disclosed that Microsoft addressed the issue by adding a separate workaround in Windows while leaving the root of the bypass issue, an API function "PathCchCanonicalize," unchanged. Apparently, the workaround works fine for the built-in RDP client in Windows operating systems, but the patch is not fool-proof en
4 New BlueKeep-like 'Wormable' Windows Remote Desktop Flaws Discovered

4 New BlueKeep-like 'Wormable' Windows Remote Desktop Flaws Discovered

August 13, 2019Swati Khandelwal
If you are using any supported version of the Windows operating system, stop everything and install the latest security updates from Microsoft immediately. Windows operating system contains four new critical wormable, remote code execution vulnerabilities in Remote Desktop Services, similar to the recently patched ' BlueKeep ' RDP vulnerability. Discovered by Microsoft's security team itself, all four vulnerabilities, CVE-2019-1181 , CVE-2019-1182 , CVE-2019-1222 , and CVE-2019-1226 , can be exploited by unauthenticated, remote attackers to take control of an affected computer system without requiring any user interaction. Just like BlueKeep RDP flaw , all four newly discovered vulnerabilities are also wormable and could be exploited by potential malware to propagate itself from one vulnerable computer to another automatically. "An attacker can get code execution at the system level by sending a specially crafted pre-authentication RDP packet to an affected RD
Online Courses and Software

Sign up for cybersecurity newsletter and get latest news updates delivered straight to your inbox daily.