Networking-Forums.com

Professional Discussions => Vendor Advisories => Topic started by: icecream-guy on May 22, 2019, 07:02:15 AM

Title: Microsoft Remote Desktop Services Remote Code Execution Vulnerability
Post by: icecream-guy on May 22, 2019, 07:02:15 AM
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708

A remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests. This vulnerability is pre-authentication and requires no user interaction. An attacker who successfully exploited this vulnerability could execute arbitrary code on the target system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

To exploit this vulnerability, an attacker would need to send a specially crafted request to the target system's Remote Desktop Service via RDP.


--
https://support.microsoft.com/en-us/help/4500705/customer-guidance-for-cve-2019-0708



Title: Re: Microsoft Remote Desktop Services Remote Code Execution Vulnerability
Post by: Otanx on May 22, 2019, 08:41:11 AM
You know it is a big deal when they backport patches to XP and 2003. The only saving grace is it isn't a publicly disclosed vulnerability, but that won't last.

-Otanx
Title: Re: Microsoft Remote Desktop Services Remote Code Execution Vulnerability
Post by: deanwebb on May 22, 2019, 03:54:42 PM
This is a VERY big deal.

Damn RDP...
Title: Re: Microsoft Remote Desktop Services Remote Code Execution Vulnerability
Post by: Dieselboy on May 23, 2019, 09:29:51 PM
Fantastic!  :XD:

Once a few years ago I was trying to RDP to my Windows XP system over the internet at home (before VPN). I knew something was wrong because the RDP screen looked like Windows Server 2003. I didn't recognise the domain either. I checked the IP address and I had mis-typed my IP and got someone else's Windows server.

Knowing cloud and engineers - I bet there are a ton of Windows VMs running in Azure that are accepting RDP connections from any source IP.
Title: Re: Microsoft Remote Desktop Services Remote Code Execution Vulnerability
Post by: icecream-guy on May 24, 2019, 06:53:13 AM
We're tightening firewalls to remove the insecure protocols: RDP, TFTP, FTP, etc. Users still wanting to use these protocols have to go through the security team to get a waiver to make (and document) the exception. The RDP guys are like  :'(
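
The any-source exposure raised earlier in the thread and the waiver process described in this post can be checked together against a firewall rule export. The following is an added example, not code from any poster in this thread; the rule schema, rule names and waiver entries are constructed for illustration.

```python
# Added example: audit inbound firewall rules for the protocols named in the thread.
# The rule schema, rule names and waiver entries are constructed for illustration.
INSECURE = {("tcp", 3389): "RDP", ("udp", 69): "TFTP", ("tcp", 21): "FTP"}
ANY_SOURCE = {"*", "0.0.0.0/0", "internet", "any"}


def port_in_range(port, spec):
    """True if port falls in a spec such as '3389', '3000-4000' or '*'."""
    if spec == "*":
        return True
    low, _, high = spec.partition("-")
    return int(low) <= port <= int(high or low)


def audit(rules, waivers):
    """Return (rule name, protocol, verdict) for every insecure service open to any source."""
    findings = []
    for rule in rules:
        if rule["direction"].lower() != "inbound" or rule["access"].lower() != "allow":
            continue  # only inbound allow rules expose a service
        if rule["source"].lower() not in ANY_SOURCE:
            continue  # restricted source ranges are out of scope for this check
        for (proto, port), label in INSECURE.items():
            if rule["protocol"].lower() not in (proto, "*"):
                continue
            if port_in_range(port, rule["ports"]):
                verdict = "waived" if (rule["name"], label) in waivers else "VIOLATION"
                findings.append((rule["name"], label, verdict))
    return findings


# Constructed sample data
RULES = [
    {"name": "allow-rdp-any", "direction": "Inbound", "access": "Allow",
     "protocol": "Tcp", "source": "*", "ports": "3389"},
    {"name": "allow-rdp-jump", "direction": "Inbound", "access": "Allow",
     "protocol": "Tcp", "source": "10.0.5.0/24", "ports": "3389"},
    {"name": "wide-open", "direction": "Inbound", "access": "Allow",
     "protocol": "*", "source": "Internet", "ports": "20-4000"},
    {"name": "deny-ftp", "direction": "Inbound", "access": "Deny",
     "protocol": "Tcp", "source": "*", "ports": "21"},
]
WAIVERS = {("wide-open", "FTP")}  # (rule, protocol) pairs with a documented exception

if __name__ == "__main__":
    for name, label, verdict in audit(RULES, WAIVERS):
        print(f"{verdict:9} {label:4} via rule {name}")
```

A broad port range such as the constructed "wide-open" rule is reported once per insecure protocol it covers, so a waiver for one protocol does not hide the others.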
Title: Re: Microsoft Remote Desktop Services Remote Code Execution Vulnerability
Post by: deanwebb on June 04, 2019, 05:32:18 PM
Quote from: Dieselboy on May 23, 2019, 09:29:51 PM
Fantastic!  :XD:

Once a few years ago I was trying to RDP to my Windows XP system over the internet at home (before VPN). I knew something was wrong because the RDP screen looked like Windows Server 2003. I didn't recognise the domain either. I checked the IP address and I had mis-typed my IP and got someone else's Windows server.

Knowing cloud and engineers - I bet there are a ton of Windows VMs running in Azure that are accepting RDP connections from any source IP.

I'm always terrified of systems with RDP open to the Internet.

This video is now relevant to this thread:

https://www.youtube.com/watch?v=NUNEZ9-4v_E
Title: Re: Microsoft Remote Desktop Services Remote Code Execution Vulnerability
Post by: Dieselboy on June 05, 2019, 09:13:56 PM
Quote: I have it how I like it

;D