Improper Microsoft Patch for Reverse RDP Attacks Leaves 3rd-Party RDP Clients Vulnerable

ThumperTM
Reverse RDP Attacks
Remember the Reverse RDP Attack—wherein a client system vulnerable to a path traversal vulnerability could get compromised when remotely accessing a server over Microsoft's Remote Desktop Protocol?

Though Microsoft had patched the vulnerability (CVE-2019-0887) as part of its July 2019 Patch Tuesday update, it turns out researchers were able to bypass the patch just by replacing the backward slashes in paths with forward slashes.

Microsoft acknowledged the improper fix and re-patched the flaw in its February 2020 Patch Tuesday update earlier this year, now tracked as CVE-2020-0655.

In the latest report shared with The Hacker News, a Check Point researcher disclosed that Microsoft addressed the issue by adding a separate workaround in Windows while leaving the root of the bypass issue, an API function "PathCchCanonicalize," unchanged.

Apparently, the workaround works fine for the built-in RDP client in Windows operating systems, but the patch is not fool-proof enough to protect other third-party RDP clients against the same attack that relies on the vulnerable sanitization function developed by Microsoft.

"We found that not only can an attacker bypass Microsoft's patch, but they can bypass any canonicalization check that was done according to Microsoft's best practices," Check Point researcher Eyal Itkin said in a report shared with The Hacker News.

For those unaware, path traversal attacks occur when a program that accepts a file as input fails to verify it, allowing an attacker to save the file in any chosen location on the target system, and thus exposing the contents of files outside of the root directory of the application.

"A remote malware-infected computer could take over any client that tries to connect to it. For example, if an IT staff member tried to connect to a remote corporate computer that was infected by malware, the malware would be able to attack the IT staff member's computer as well," the researchers described.

The flaw came to light last year, and subsequent research in August found that it impacted Microsoft's Hyper-V hardware virtualization platform as well.

Here's a demonstration video of the original vulnerability from last year:

Source: thehackernews
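The post's core point is that a path check which only understands backslashes as separators can be evaded by a path written with forward slashes, and that any client relying on such a check inherits the weakness. The following is an added illustration (not code from the article, Check Point or Microsoft; the function names and sample paths are constructed for this example): a naive check modelled on that mistake next to a hardened one that unifies both separators, resolves `.` and `..`, and rejects anything that would land outside the intended directory.

```python
"""Separator-confusion path traversal: naive vs. hardened checks.

Constructed example. Function names (naive_is_safe, canonicalize,
hardened_is_safe, destination) and all sample paths are assumptions made
for illustration, not identifiers from the article or from Windows.
"""

from typing import List, Optional


def naive_is_safe(relative_path: str) -> bool:
    """A check that only recognises '\\' as a path separator.

    '..\\..\\x' is caught, but '../../x' is split into a single component
    that merely contains dots and slashes, so it passes. This is the shape
    of the weakness the post describes.
    """
    return all(part != ".." for part in relative_path.split("\\"))


def canonicalize(relative_path: str) -> Optional[List[str]]:
    """Canonicalise a client-supplied relative file name.

    Both '/' and '\\' are treated as separators; '.' and '..' are resolved.
    Returns the resulting path components, or None when the name is absolute
    (leading separator, drive letter, UNC prefix) or climbs above the root.
    """
    unified = relative_path.replace("\\", "/")
    if unified.startswith("/") or (len(unified) > 1 and unified[1] == ":"):
        return None  # absolute path, UNC path or drive letter: never acceptable
    parts: List[str] = []
    for component in unified.split("/"):
        if component in ("", "."):
            continue
        if component == "..":
            if not parts:
                return None  # would escape the starting directory
            parts.pop()
        else:
            parts.append(component)
    return parts


def hardened_is_safe(relative_path: str) -> bool:
    """True only if the canonical form stays under the starting directory."""
    return canonicalize(relative_path) is not None


def destination(root: str, relative_path: str) -> Optional[str]:
    """Where a file with this name would be written under `root`, or None
    if the name is rejected. Checking the final destination against the
    root is the durable form of this defence."""
    parts = canonicalize(relative_path)
    if parts is None:
        return None
    return "/".join([root.rstrip("/\\")] + parts)


if __name__ == "__main__":
    # Constructed sample names a remote peer might supply for a file transfer.
    samples = [
        "docs\\report.txt",          # ordinary name
        "..\\..\\outside.txt",       # backslash traversal: both checks reject
        "../../outside.txt",         # forward-slash traversal: naive check misses it
        "docs/../../outside.txt",    # mixed, still escapes
        "docs\\sub/../report.txt",   # mixed but stays inside
        "C:\\Windows\\outside.txt",  # drive-letter absolute path
    ]
    root = "C:/Users/example/Downloads"  # constructed root directory
    for name in samples:
        print(f"{name!r:32} naive={naive_is_safe(name)!s:5} "
              f"hardened={hardened_is_safe(name)!s:5} -> {destination(root, name)}")
```

The sample run shows the gap the post describes: `../../outside.txt` passes the naive check and fails the hardened one. Note that the hardened version still only covers separator and dot-segment handling; a real Windows client also has to consider trailing dots and spaces, reserved device names and the like, so the last line of defence should always be comparing the fully resolved destination against the intended root rather than inspecting the raw string.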