Microsoft RDP vulnerability makes it a breeze for attackers to become men-in-the-middle

The Microsoft RDP vulnerability is a serious problem, but with a few caveats: It's been patched, and experts say it may be less likely to happen than it seems at first glance.
A recently discovered vulnerability in Microsoft's Remote Desktop Protocol (RDP) goes back to Windows Server 2012 R2 and lets anyone who can connect to an RDP session gain near-total control over other RDP users by launching a man-in-the-middle attack.
Each of the pipes that an RDP server creates is named, and depending on a pipe's security settings, duplicates with the same name can be created to handle multiple simultaneous connections.
RDP automatically connects to the service that was created first, so if an attacker has already created a pipe with the same name, a newly connecting user's machine will automatically connect to that existing malicious pipe.
How worried should you be about your vulnerable RDP?

Chris Clements, VP of solutions architecture at cybersecurity firm Cerberus Sentinel, said that, while the vulnerability is serious, it's offset by the fact that an attacker has to already have gained access to an organization's RDP service to initiate the attack.
"Whenever using RDP for remote access to their network, and especially with this vulnerability active, organizations should consider making any current RDP services only available through a VPN, removing direct access to the internet," Kron said.