Remote Desktop Protocol Has Plenty of Code-Execution Flaws

Remote Desktop Protocol has plenty of code-execution flaws in both open-source RDP clients and Microsoft’s RDP client. These flaws make it possible for a malicious hacker to infect a client computer and then intrude into the IT network as a whole.

What IS RDP?

Remote Desktop Protocol (RDP) is a proprietary protocol developed by Microsoft, which provides a user with a graphical interface to connect to another computer over a network connection. The user employs RDP client software for this purpose, while the other computer must run RDP server software. Clients exist for most versions of Microsoft Windows (including Windows Mobile), Linux, Unix, macOS, iOS, Android, and other operating systems. RDP servers are built into Windows operating systems; an RDP server for Unix and OS X also exists.

So What Is The Issue?

According to Check Point research released on Tuesday at a Las Vegas event, open-source and Microsoft proprietary RDP clients are at risk from an attacker who sets up a fake RDP server within a network, or who compromises a legitimate one using vulnerabilities.

Check Point Research discovered multiple critical vulnerabilities in the commonly used Remote Desktop Protocol (RDP) that would allow a malicious actor to reverse the usual direction of communication and infect the IT professional’s or security researcher’s computer. Such an infection could then allow for an intrusion into the IT network as a whole.
Overall, 16 major vulnerabilities and a total of 25 security vulnerabilities were found.

More details can be found here

What should be done?

The fewer public-facing attack surfaces we expose, the more secure we can be. I would recommend using a client-based VPN tunnel. This creates a secure private network that connects directly to your environment; once the tunnel is up, you can use RDP to connect to your workstation.
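
One way to enforce this on the Windows workstation you connect to is to check that no inbound firewall rule leaves RDP open to every address, and to scope those rules to the VPN range. This is an added example, not code from the original post; the subnet `10.8.0.0/24` is a placeholder for your VPN client range and the default RDP port 3389 is assumed.

```powershell
#Requires -RunAsAdministrator
# Added example: audit inbound RDP firewall rules and restrict them to the VPN subnet.
# ASSUMPTIONS: 10.8.0.0/24 is a placeholder VPN client range; RDP uses the default port 3389.
param(
    [string]$VpnSubnet = '10.8.0.0/24',  # placeholder: replace with your VPN client range
    [int]$RdpPort      = 3389,           # change if RDP listens on a non-default port
    [switch]$Apply                       # without -Apply the script only reports
)

# Collect every enabled inbound "allow" rule that names the RDP port (TCP or UDP).
# Rules that cover the port through a range (for example 3380-3390) or "Any"
# are not matched here and should be reviewed by hand.
$rdpRules = Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow |
    ForEach-Object {
        $port = $_ | Get-NetFirewallPortFilter
        $addr = $_ | Get-NetFirewallAddressFilter
        if (@($port.LocalPort) -contains "$RdpPort") {
            [pscustomobject]@{
                Name          = $_.Name
                DisplayName   = $_.DisplayName
                Protocol      = $port.Protocol
                RemoteAddress = @($addr.RemoteAddress)
            }
        }
    }

if (-not $rdpRules) {
    Write-Output "No enabled inbound allow rule names port $RdpPort."
    return
}

foreach ($rule in $rdpRules) {
    $sources = $rule.RemoteAddress -join ', '
    if ($rule.RemoteAddress -contains 'Any') {
        # Reachable from any source address: this is the public-facing surface.
        Write-Warning "$($rule.DisplayName) [$($rule.Protocol)] allows RDP from Any"
        if ($Apply) {
            Set-NetFirewallRule -Name $rule.Name -RemoteAddress $VpnSubnet
            Write-Output "  -> scoped to $VpnSubnet"
        }
    }
    else {
        Write-Output "$($rule.DisplayName) [$($rule.Protocol)] limited to: $sources"
    }
}
```

Run it once without `-Apply` to review the findings, and apply the change from a console session rather than over the RDP connection you are about to restrict.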
