Stories
Slash Boxes
Comments

SoylentNews is people

posted by janrinok on Friday January 14, @05:22AM   Printer-friendly

Widespread, Easily Exploitable Windows RDP Bug Opens Users to Data Theft:

Most Windows versions are at risk of remote, unprivileged attackers abusing RDP from the inside to hijack smart cards and get unauthorized file system access.

Remote Desktop Protocol (RDP) pipes have a security bug that could allow any standard, unprivileged Joe-Schmoe user to access other connected users' machines. If exploited, it could lead to data-privacy issues, lateral movement and privilege escalation, researchers warned.

Insider attackers could, for instance, view and modify other people's clipboard data, or impersonate other logged-in users using smart cards.

The vulnerability, tracked as CVE-2022-21893, wasn't ballyhooed amid yesterday's crowded mega-dump of Patch Tuesday security updates, but it's more than worthy of scrutiny, according to a Tuesday report from CyberArk, which discovered the bug lurking in Windows Remote Desktop Services.

What's more, it's a widespread issue. The bug dates back at least to Windows Server 2012 R2, CyberArk software architect and security champion Gabriel Sztejnworcel wrote, leading the firm to conclude that the latest versions of Windows – including client and server editions – are affected.

"We can say that the majority of Windows versions in use today are affected," he confirmed. It's also easy to exploit. Microsoft said that an exploit of the vulnerability would be of low complexity[,] leading to a CVSS criticality rating of 7.7 out of 10, making it "important" in severity.

[...] As remote work has surged, cybercriminals have taken note of the increased adoption of RDP – not hard to do, given that a simple Shodan search reveals thousands of vulnerable servers reachable via the internet, along with millions of exposed RDP ports. In fact, between Q1 and Q4 2020, attacks against RDP surged by 768 percent, Dunn noted, while an October 2020 report published by Kroll identified that 47 percent of ransomware attacks were preceded by RDP compromise.

Bud Broomhead, CEO at Viakoo, observed that RDP vulnerabilities "enable some of the worst cyber-criminal activities, including planting of deepfakes, data exfiltration, and spoofing of identity and credentials."

He told Threatpost on Wednesday that while RDP is required for normal system maintenance, it can't be left to run on its lonesome. "Additional defenses like establishing a zero-trust framework and having an automated method of quickly implementing firmware fixes are needed to ensure RDP is used safely," he said via email.

Do you ever take any practical action when you see these warnings, or do you just trust your distro to issue updated software?


Original Submission

 

Reply to: ORLY?

    (Score: 5, Insightful) by Runaway1956 on Friday January 14, @02:32PM

    by Runaway1956 (2926) Subscriber Badge on Friday January 14, @02:32PM (#1212669) Homepage

    He told Threatpost on Wednesday that while RDP is required for normal system maintenance,

    Uhhh, excuse me? Required for normal system maintenance? Nonsense. RDP is one of the things I disable immediately after a new installation of Windows. "Normal" maintenance is not affected, in the slightest. "Remote" mainenance is inhibited - and that is the whole point of disabling the service. I don't need or want remote maintenance and/or administration. Which means, unless you are in a corporate environment, and the IT people insist on remote administration, it is safe to turn off RDP. To be clear, Remote Desktop Protocol is a backdoor exploit into your machine. If, and only if, your employer requires it should it ever be turned on.

    Why can't anyone be honest about all that nonsense? Threatpost is supposed to be concerned about security? They they should clearly state that the average user should simply disable the service.

Post Comment

Edit Comment You are not logged in. You can log in now using the convenient form below, or Create an Account, or post as Anonymous Coward.

Public Terminal

Anonymous Coward [ Create an Account ]

Use the Preview Button! Check those URLs!


Score: 0 (Logged-in users start at Score: 1). Create an Account!

Allowed HTML
<b i p br a ol ul li dl dt dd em strong tt blockquote div ecode quote sup sub abbr sarc sarcasm user spoiler del>

URLs
will auto-link a URL

Important Stuff

  • Please try to keep posts on topic.
  • Try to reply to other people's comments instead of starting new threads.
  • Read other people's messages before posting your own to avoid simply duplicating what has already been said.
  • Use a clear subject that describes what your message is about.
  • Offtopic, Inflammatory, Inappropriate, Illegal, or Offensive comments might be moderated. (You can read everything, even moderated posts, by adjusting your threshold on the User Preferences Page)
  • If you want replies to your comments sent to you, consider logging in or creating an account.

If you are having a problem with accounts or comment posting, please yell for help.