
Widespread, Easily Exploitable Windows RDP Bug Opens Users to Data Theft
2022-01-12 21:05

The bug dates back at least to Windows Server 2012 R2, CyberArk software architect and security champion Gabriel Sztejnworcel wrote, leading the firm to conclude that the latest versions of Windows - including client and server editions - are affected.

Sztejnworcel's writeup goes into great detail about how the attack works. The basic RDP plumbing behind it: RDP splits a single connection into multiple logical connections, called virtual channels, that handle different types of data.

As the video shows, the researchers were able to see clipboard data that could have comprised images, files or text that might contain personal data or sensitive data such as passwords, "which is often the case in RDP sessions," Sztejnworcel said.

RDP attacks are as old as dirt, but this new vulnerability adds a twist, showing "an example of an unconventional attack vector targeting RDP. Instead of tapping into the input side of the server/client as one usually does, we abused the RDP server internal mechanism as an entry point," the report summed up.

As remote work has surged, cybercriminals have taken note of the increased adoption of RDP - not hard to do, given that a simple Shodan search reveals thousands of vulnerable servers reachable via the internet, along with millions of exposed RDP ports.

Bud Broomhead, CEO at Viakoo, observed that RDP vulnerabilities "enable some of the worst cyber-criminal activities, including planting of deepfakes, data exfiltration, and spoofing of identity and credentials."


News URL

https://threatpost.com/windows-bug-rdp-exploit-unprivileged-users/177599/