Researchers at Preempt have uncovered a new vulnerability in the Credential Security Support Provider (CredSSP) protocol, used by Remote Desktop and WinRM during authentication.
Discovery of a new vulnerability in the Windows Remote Desktop protocol
An attacker with man-in-the-middle control over a session can exploit the flaw to execute code remotely on the compromised server while posing as the legitimate user. The affected protocol is used by commonly deployed remote-access applications to log in to remote computers.
This vulnerability could expose enterprises to various threats, including lateral movement and infection of critical servers or domain controllers. It affects all Windows versions from Windows Vista onwards.
Roman Blachman, CTO and co-founder of Preempt, commented on the discovery of the new vulnerability in the Windows Remote Desktop protocol: 'This is a major vulnerability. Although no attacks have been detected in the wild yet, in some real-world scenarios attacks could occur.' 'The first step to mitigate this threat is to ensure that your workstations are properly patched. It's crucial for organizations and enterprises to employ real-time threat response solutions to minimize these threats.'
To protect themselves, enterprises should ensure that workstations and servers are properly patched. IT professionals are also advised to make the configuration changes required for the patch to provide protection. Blocking the relevant application ports (RDP, DCE/RPC) can also prevent attacks.
Preempt also warns that attacks can be carried out in various ways, even using different protocols. Therefore, limit the use of privileged accounts and opt for non-privileged accounts whenever possible.
Microsoft quickly released Patch Tuesday updates for Windows 7 and 8.1, but this update still does not address the vulnerability in the Windows Remote Desktop protocol. For more details about this update, see the article "Patch Tuesday update for Windows 7 and 8.1: what's new?"
