Security News > 2020 > April > Microsoft Will Not Patch Security Bypass Flaw Abusing MSTSC
A DLL side-loading vulnerability related to the Microsoft Terminal Services Client can be exploited to bypass security controls, but Microsoft says it will not be releasing a patch due to exploitation requiring elevated privileges.
This allows an attacker who can replace the legitimate DLL to bypass security controls such as AppLocker, which is designed to help users control which apps and files can be run.
"The attacker attempts to execute the malicious shell, and security controls block the attempt," the company explained.
"The attacker copies mstsc.exe to an insecure directory, and places the malicious shell in place of mstscax.dll, and executes mstsc.exe. Due to mstsc.exe being a system binary, digitally signed by Microsoft, it is considered a trusted process by security controls. Mstsc.exe loads the malicious shell. At this point, malicious code is running under the context of mstsc.exe, efficiently bypassing security controls."
The company told SecurityWeek that, depending on the malicious code being executed, an attacker could potentially exploit the flaw to elevate privileges.
News URL
Related news
- Exploit for critical Progress Telerik auth bypass released, patch now (source)
- Azure Service Tags tagged as security risk, Microsoft disagrees (source)
- Microsoft shows venerable and vulnerable NTLM security protocol the door (source)
- June 2024 Patch Tuesday forecast: Multiple announcements from Microsoft (source)
- Exploit for critical Veeam auth bypass available, patch now (source)
- Microsoft June 2024 Patch Tuesday fixes 51 flaws, 18 RCEs (source)
- Exploit for Veeam Recovery Orchestrator auth bypass available, patch now (source)
- Microsoft delays Windows Recall amid privacy and security concerns (source)
- Microsoft Delays AI-Powered Recall Feature for Copilot+ PCs Amid Security Concerns (source)
- Microsoft delays Windows Recall rollout, more security testing needed (source)