Microsoft Remote Desktop Services Remote Code Execution Vulnerability

Started by icecream-guy, May 22, 2019, 07:02:15 AM


icecream-guy

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708

A remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests. This vulnerability is pre-authentication and requires no user interaction. An attacker who successfully exploited this vulnerability could execute arbitrary code on the target system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

To exploit this vulnerability, an attacker would need to send a specially crafted request to the target system's Remote Desktop Service via RDP.


--
https://support.microsoft.com/en-us/help/4500705/customer-guidance-for-cve-2019-0708



:professorcat:

My Moral Fibers have been cut.

Otanx

You know it is a big deal when they backport patches to XP and 2003. The only saving grace is it isn't a publicly disclosed vulnerability, but that won't last.

-Otanx

deanwebb

Take a baseball bat and trash all the routers, shout out "IT'S A NETWORK PROBLEM NOW, SUCKERS!" and then peel out of the parking lot in your Ferrari.
"The world could perish if people only worked on things that were easy to handle." -- Vladimir Savchenko
Вопросы есть? Вопросов нет! | BCEB: Belkin Certified Expert Baffler | "Plan B is Plan A with an element of panic." -- John Clarke
Accounting is architecture, remember that!
Air gaps are high-latency Internet connections.

Dieselboy

Fantastic!  :XD:

Once a few years ago I was trying to RDP to my Windows XP system over the internet at home (before VPN). I knew something was wrong because the RDP screen looked like Windows Server 2003. I didn't recognise the domain either. I checked the IP address and I had mis-typed my IP and got someone else's Windows server.

Knowing cloud and engineers - I bet there are a ton of Windows VMs running in Azure that are accepting RDP connections from any source IP.

icecream-guy

We're tightening firewalls to remove the insecure protocols: RDP, TFTP, FTP, etc. Users still wanting to use these protocols have to go through the security team to get a waiver to make (and document) the exception. The RDP guys are like  :'(
:professorcat:

My Moral Fibers have been cut.
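
An added example, not part of anyone's post in this thread: a Python audit of inbound firewall rules that flags the protocols named above (RDP, FTP, TFTP) when they are allowed from any source IP, and reports waived exceptions separately. The rule fields are modelled on Azure NSG security rules in simplified form; the rule set, the rule names and the `waivers` set are constructed for illustration.

```python
# Ports for the protocols named in the thread.
WATCHED = {"RDP": ("tcp", 3389), "FTP": ("tcp", 21), "TFTP": ("udp", 69)}
ANY_SOURCE = {"*", "0.0.0.0/0", "internet", "any"}

def port_matches(spec, port):
    """True if a spec such as '*', '3389', '20-21' or '21,69' covers port."""
    for part in str(spec).split(","):
        part = part.strip()
        if part == "*":
            return True
        lo, _, hi = part.partition("-")
        if int(lo) <= port <= int(hi or lo):
            return True
    return False

def decides_any_source(rule, proto, port):
    """Inbound rule matching this protocol and port for traffic from any source."""
    return (rule["direction"].lower() == "inbound"
            and rule["source"].lower() in ANY_SOURCE
            and rule["protocol"].lower() in ("*", proto)
            and port_matches(rule["ports"], port))

def audit(rules, waivers=frozenset()):
    """Return (service, rule name, status) for services allowed from any source.
    Rules are checked lowest priority number first; the first match decides.
    Source-restricted rules are skipped: they do not decide any-source traffic.
    """
    findings = []
    for service, (proto, port) in WATCHED.items():
        for rule in sorted(rules, key=lambda r: r["priority"]):
            if decides_any_source(rule, proto, port):
                if rule["access"].lower() == "allow":
                    status = "waived" if rule["name"] in waivers else "exposed"
                    findings.append((service, rule["name"], status))
                break  # an earlier deny shadows any later allow
    return findings

# Constructed sample rule set (not taken from any real environment).
FIELDS = ("name", "priority", "direction", "access", "protocol", "source", "ports")
SAMPLE_RULES = [dict(zip(FIELDS, row)) for row in [
    ("deny-ftp", 100, "Inbound", "Deny", "Tcp", "*", "20-21"),
    ("allow-rdp-jumphost", 150, "Inbound", "Allow", "Tcp", "203.0.113.10", "3389"),
    ("allow-mgmt-range", 200, "Inbound", "Allow", "*", "Internet", "3000-4000"),
    ("allow-tftp-lab", 250, "Inbound", "Allow", "Udp", "*", "69"),
    ("allow-ftp-legacy", 400, "Inbound", "Allow", "Tcp", "*", "21"),
]]

if __name__ == "__main__":
    for finding in audit(SAMPLE_RULES, waivers={"allow-tftp-lab"}):
        print(*finding)
```

In the sample, RDP is exposed through a broad port range rather than a rule that names 3389, which is the case a search for "3389" in the rule list misses.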

deanwebb

Quote from: Dieselboy on May 23, 2019, 09:29:51 PM
Fantastic!  :XD:

Once a few years ago I was trying to RDP to my Windows XP system over the internet at home (before VPN). I knew something was wrong because the RDP screen looked like Windows Server 2003. I didn't recognise the domain either. I checked the IP address and I had mis-typed my IP and got someone else's Windows server.

Knowing cloud and engineers - I bet there are a ton of Windows VMs running in Azure that are accepting RDP connections from any source IP.

I'm always terrified of systems with RDP open to the Internet.

This video is now relevant to this thread:

https://www.youtube.com/watch?v=NUNEZ9-4v_E

Dieselboy