Related News

Security

III. Exploitation on Remote Desktop

by JUCC ISTF

/* The following article is extracted from the "Information Security Newsletter" published by the JUCC IS Task Force. */

Vulnerabilities in Remote Desktop Connection

Vulnerabilities have been discovered in the Microsoft Remote Desktop Connection which could allow an attacker to take complete control of an affected system. Exploitation occurs if a user uses Microsoft Remote Desktop Connection to connect to a malicious RDP server, or if a user visits a web page or opens a malicious e-mail attachment which is specifically crafted to take advantage of these vulnerabilities.

Successful exploitation could result in an attacker gaining the same privileges as the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

A recent vulnerability (MS09-044) has been discovered in Aug 2009 in the Microsoft Remote Desktop Connection that could allow an attacker to take complete control of an affected system.

 

- Description of vulnerability - The vulnerabilities could allow remote code execution if an attacker successfully convinced a user of Terminal Services to connect to a malicious RDP server or if a user visits a specially crafted web site that exploits this vulnerability.

 

- Impact of vulnerability - Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

 

- Affected RDP versions - Microsoft Terminal Services Client ActiveX control running RDP 6.1 on Windows XP SP2, Vista SP1 or SP2, or Server 2008 Gold or SP2; or 5.2 or 6.1 on Windows XP SP3.

 

- Recommendation - Apply appropriate patches provided by Microsoft to vulnerable systems immediately after appropriate testing. Remind users not to visit un-trusted websites or follow links provided by unknown or un-trusted sources. Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack.

Read More [Next article]