Security News > 2020 > April > Microsoft Will Not Patch Security Bypass Flaw Abusing MSTSC

A DLL side-loading vulnerability related to the Microsoft Terminal Services Client (MSTSC) can be exploited to bypass security controls, but Microsoft says it will not release a patch because exploitation requires elevated privileges.
An attacker who can replace the legitimate DLL can bypass security controls such as AppLocker, which is designed to help users control which apps and files can be run.
"The attacker attempts to execute the malicious shell, and security controls block the attempt," the company explained.
"The attacker copies mstsc.exe to an insecure directory, and places the malicious shell in place of mstscax.dll, and executes mstsc.exe. Due to mstsc.exe being a system binary, digitally signed by Microsoft, it is considered a trusted process by security controls. Mstsc.exe loads the malicious shell. At this point, malicious code is running under the context of mstsc.exe, efficiently bypassing security controls."
The company told SecurityWeek that, depending on the malicious code being executed, an attacker could potentially exploit the flaw to elevate privileges.
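One way to detect the relocation pattern described in the quote above, as an added example that is not from the original article: it flags mstsc.exe started outside the Windows system directories and mstscax.dll loaded by mstsc.exe from outside them or unsigned. The event dictionaries are constructed samples modelled on Sysmon process-creation (Event ID 1) and image-load (Event ID 7) records, and the default C:\Windows install root is an assumption.

```python
from ntpath import basename, dirname, normpath

# Directories Windows ships mstsc.exe and mstscax.dll in (assumes C:\Windows).
TRUSTED_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}


def _name(path):
    return basename(normpath(path)).lower()


def _outside_trusted(path):
    return dirname(normpath(path)).lower() not in TRUSTED_DIRS


def detect_mstsc_sideload(events):
    """Return (reason, event) pairs for mstsc.exe run or loading its DLL from an untrusted path."""
    findings = []
    for ev in events:
        image = ev.get("Image", "")
        if _name(image) != "mstsc.exe":
            continue
        if ev.get("EventID") == 1 and _outside_trusted(image):
            findings.append(("mstsc.exe started outside system directory", ev))
        elif ev.get("EventID") == 7:
            loaded = ev.get("ImageLoaded", "")
            if _name(loaded) != "mstscax.dll":
                continue
            if _outside_trusted(loaded):
                findings.append(("mstscax.dll loaded from non-system path", ev))
            elif ev.get("Signed") != "true":
                findings.append(("unsigned mstscax.dll in system directory", ev))
    return findings


# Constructed sample events (simplified; not taken from a real host).
SAMPLE_EVENTS = [
    {"EventID": 1, "Image": r"C:\Windows\System32\mstsc.exe"},
    {"EventID": 7, "Image": r"C:\Windows\System32\mstsc.exe",
     "ImageLoaded": r"C:\Windows\System32\mstscax.dll", "Signed": "true"},
    {"EventID": 1, "Image": r"C:\Users\Public\rdp\mstsc.exe"},
    {"EventID": 7, "Image": r"C:\Users\Public\rdp\mstsc.exe",
     "ImageLoaded": r"C:\Users\Public\rdp\mstscax.dll", "Signed": "false"},
    {"EventID": 7, "Image": r"C:\Windows\System32\notepad.exe",
     "ImageLoaded": r"C:\Windows\System32\kernel32.dll", "Signed": "true"},
]

if __name__ == "__main__":
    for reason, ev in detect_mstsc_sideload(SAMPLE_EVENTS):
        print(reason, "->", ev.get("ImageLoaded", ev["Image"]))
```

Matching on the file name alone will miss a renamed copy of mstsc.exe, so pair this with path-based AppLocker or WDAC rules rather than relying on it as the only control.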