- #Microsoft remote desktop protocol software#
- #Microsoft remote desktop protocol code#
- #Microsoft remote desktop protocol windows#
My curiosity got the better of me and I began wondering which plugins were the most popular. Instead of guessing, I wanted to find out just how prevalent the problem could be amongst the security community. If I had to guess, I would say the debate over management protocols carries on today. Customers can check the Nessus Plugins page for more information.)īelow is an example of the plugin output from 58435, an uncredentialed check for MS12-020: (Tenable's research team is, of course, working on a reliable, non-destructive way to remotely check if a system is vulnerable to MS12-036.
#Microsoft remote desktop protocol code#
59454 MS12-036: Vulnerability in Remote Desktop Could Allow Remote Code Execution (2685939) (credentialed check).58435 MS12-020: Vulnerabilities in Remote Desktop Could Allow Remote Code Execution (2671387) (uncredentialed check).58332 MS12-020: Vulnerabilities in Remote Desktop Could Allow Remote Code Execution (2671387) (credentialed check).Independent of exploitability, Tenable's research team has released plugins to reliably detect both MS12-020 and MS12-036: And while you may breathe a sigh of relief to hear that the vulnerabilities are merely DoS related, the original disclosure of MS12-020 came from TippingPoint’s ZDI, which lists it as “allows remote attackers to execute arbitrary code." This likely means that non-public exploit code exists for MS12-020. In both cases, Microsoft states: "…vulnerabilities could allow remote code execution if an attacker sends a sequence of specially crafted RDP packets to an affected system." While there are no known exploits resulting in remote code execution, there are several exploits available to cause denial of service conditions. As most are likely aware at this time, there have been two Microsoft bulletins in 2012 that deal with remote code execution vulnerabilities in the code that implements RDP:
#Microsoft remote desktop protocol software#
The security shortcomings of RDP in the story above were dealing with a MiTM attack, not a software vulnerability per se, but vulnerabilities that can be overcome with proper configuration. Once they saw it, the progression to a properly-configured and more secure RDP implementation was underway immediately. However, the real challenge was persuading the administrators to make the switch, as they had always just used the default configuration and, by their own account, "nothing bad ever happened." In this case, I had to use a demo and perform an attack, with permission, of course, against an administrator. Again, technically there was an easy fix (change some settings on the servers, and use a compatible client on the management systems). At the time, in the default configuration, an attacker could perform MiTM attacks to obtain the username and password, in addition to logging the keystrokes sent to the systems being managed. I had a similar conversation about Microsoft Terminal Services, which uses the RDP (Remote Desktop Protocol).
#Microsoft remote desktop protocol windows#
The same debate occurred later in my career when I was tasked with helping the newly-created Windows systems administrators group secure their brand-new Windows domain environment. Turns out it was a valuable lesson for me as I learned that while technically not so challenging, convincing 25 or more developers that they had to use an SSH client rather than the built-in Telnet utility was the most challenging aspect of that project. When I first set out to help make systems more secure, one of the first actions I proposed was to remove Telnet from all of my UNIX (Solaris and Linux at the time) systems. Convenience is heavily weighed against security, as users and administrators require access to the systems, yet security in the forms of authentication and encryption seemingly "get in the way." This debate has come up in my career more times than I care to remember. Most security practitioners have had to deal with the threats and risks posed by the wide range of protocols used to remotely manage and access systems, including Telnet, SSH, RDP and even third-party providers such as GoToMyPC. Remote access protocols are certainly one of the long-standing topics discussed when it comes to information security.
0 kommentar(er)
