Improper Microsoft Patch for Reverse RDP Attacks Leaves 3rd-Party RDP Clients Vulnerable

ThumperTM

Reverse RDP Attacks
Remember the Reverse RDP Attack—wherein a client system vulnerable to a path traversal vulnerability could get compromised when remotely accessing a server over Microsoft's Remote Desktop Protocol?

Though Microsoft had patched the vulnerability (CVE-2019-0887) as part of its July 2019 Patch Tuesday update, it turns out researchers were able to bypass the patch just by replacing the backward slashes in paths with forward slashes.

Microsoft acknowledged the improper fix and re-patched the flaw in its February 2020 Patch Tuesday update earlier this year, now tracked as CVE-2020-0655.

In the latest report shared with The Hacker News, a Check Point researcher disclosed that Microsoft addressed the issue by adding a separate workaround in Windows while leaving the root of the bypass issue, an API function "PathCchCanonicalize," unchanged.


Apparently, the workaround works fine for the built-in RDP client in Windows operating systems, but the patch is not fool-proof enough to protect other third-party RDP clients against the same attack that relies on the vulnerable sanitization function developed by Microsoft.

"We found that not only can an attacker bypass Microsoft's patch, but they can bypass any canonicalization check that was done according to Microsoft's best practices," Check Point researcher Eyal Itkin said in a report shared with The Hacker News.

For those unaware, path traversal attacks occur when a program that accepts a file as input fails to verify it, allowing an attacker to save the file in any chosen location on the target system, and thus exposing the contents of files outside of the root directory of the application.

"A remote malware-infected computer could take over any client that tries to connect to it. For example, if an IT staff member tried to connect to a remote corporate computer that was infected by malware, the malware would be able to attack the IT staff member's computer as well," the researchers described.

The flaw came to light last year, and subsequent research in August found that it impacted Microsoft's Hyper-V hardware virtualization platform as well.

Here's a demonstration video on the original vulnerability from last year:

Source: thehackernews
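
The separator problem described in the post, as an added example that is not part of the original post and is not code from Check Point or Microsoft: a canonicalization check that only understands backslashes accepts a forward-slash name unchanged, while a check that unifies separators first rejects it. `backslash_only_canonicalize` is a simplified model of that behaviour, not the real `PathCchCanonicalize`; the function names, `BASE` and the sample names are hypothetical.

```python
import ntpath

BASE = r"C:\Users\alice\Downloads"  # hypothetical directory the client may write into

def backslash_only_canonicalize(path):
    # Simplified model (assumption, NOT the real PathCchCanonicalize code):
    # "." and ".." are resolved only when delimited by backslashes.
    out = []
    for seg in path.split("\\"):
        if seg == "..":
            if out:
                out.pop()
        elif seg not in ("", "."):
            out.append(seg)
    return "\\".join(out)

def naive_is_safe(name):
    # Canonicalization check: accept the name if canonicalizing leaves it unchanged.
    return backslash_only_canonicalize(name) == name

def hardened_is_safe(name, base=BASE):
    # 1. Treat both separators as equivalent before any decision is made.
    unified = name.replace("/", "\\")
    # 2. Refuse drive-qualified, UNC and rooted names outright.
    drive, rest = ntpath.splitdrive(unified)
    if drive or rest.startswith("\\"):
        return False
    # 3. Refuse any parent-directory segment instead of trying to resolve it.
    if ".." in unified.split("\\"):
        return False
    # 4. Defence in depth: the resolved path must still sit under base.
    full = ntpath.normpath(ntpath.join(base, unified))
    return full.lower().startswith(base.lower() + "\\")

# Constructed sample names, as a server might offer them to a client.
SAMPLES = ["docs\\report.txt", "..\\..\\outside.txt",
           "../../outside.txt", "docs/../../outside.txt"]

def compare(samples=SAMPLES):
    # Maps each name to (naive verdict, hardened verdict).
    return {s: (naive_is_safe(s), hardened_is_safe(s)) for s in samples}

if __name__ == "__main__":
    for name, (naive, hardened) in compare().items():
        print(f"{name!r:28} naive={naive!s:5} hardened={hardened}")
```
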
 