Security News > 2020 > May > Improper Microsoft Patch for Reverse RDP Attacks Leaves 3rd-Party RDP Clients Vulnerable
Remember the Reverse RDP Attack-wherein a client system vulnerable to a path traversal vulnerability could get compromised when remotely accessing a server over Microsoft's Remote Desktop Protocol?
Though Microsoft had patched the vulnerability as part of its July 2019 Patch Tuesday update, it turns out researchers were able to bypass the patch just by replacing the backward slashes in paths with forward slashes.
Microsoft acknowledged the improper fix and re-patched the flaw in its February 2020 Patch Tuesday update earlier this year, now tracked as CVE-2020-0655.
Apparently, the workaround works fine for the built-in RDP client in Windows operating systems, but the patch is not fool-proof enough to protect other third-party RDP clients against the same attack that relies on the vulnerable sanitization function developed by Microsoft.
According to researchers, the July patch can be bypassed because of a problem that lies in its path canonicalization function "PathCchCanonicalize," which is used to sanitize file paths, thus allowing a bad actor to exploit the clipboard synchronization between a client and a server to drop arbitrary files in arbitrary paths on the client machine.
News URL
http://feedproxy.google.com/~r/TheHackersNews/~3/ZfVllQAorc0/reverse-rdp-attack-patch.html
Related news
- VEILDrive Attack Exploits Microsoft Services to Evade Detection and Distribute Malware (source)
- Microsoft November 2024 Patch Tuesday fixes 4 zero-days, 91 flaws (source)
- Microsoft November 2024 Patch Tuesday fixes 4 zero-days, 89 flaws (source)
- Microsoft slips Task Manager and processor count fixes into Patch Tuesday (source)
- Microsoft patches Windows zero-day exploited in attacks on Ukraine (source)
- CISA Urges Agencies to Patch Critical "Array Networks" Flaw Amid Active Attacks (source)
- Microsoft Fixes AI, Cloud, and ERP Security Flaws; One Exploited in Active Attacks (source)
- Phishing-as-a-Service "Rockstar 2FA" Targets Microsoft 365 Users with AiTM Attacks (source)
- Microsoft says premature patch could make Windows Recall forget how to work (source)
- Microsoft December 2024 Patch Tuesday fixes 1 exploited zero-day, 71 flaws (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-02-11 | CVE-2020-0655 | Unspecified vulnerability in Microsoft products A remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an authenticated attacker abuses clipboard redirection, aka 'Remote Desktop Services Remote Code Execution Vulnerability'. | 8.0 |