Remote code execution flaws in RDP Clients


Flaws in open-source RDP clients and in Microsoft's proprietary client make it possible for a malicious RDP server to infect a client computer. Multiple critical vulnerabilities in the commonly used Remote Desktop Protocol (RDP) would allow hackers to remotely execute code on a client's computer. Check Point Research released a report at the CPX360 event in Las Vegas. Both open-source and Microsoft proprietary RDP clients are at risk from a hacker who has set up a malicious RDP server within a network, or who has compromised a legitimate one using other vulnerabilities.

RDP is used by thousands of enterprise users worldwide. RDP is a common application that allows those working remotely to connect to corporate resources. It also allows tech support staff and researchers to connect to remote computers for support. In a normal scenario, you use an RDP client to connect to an RDP server that is installed on the remote computer. After a successful connection, you have access to and control of the remote computer, according to the permissions of your user. But what if the scenario could be put in reverse? The vulnerabilities make it possible to do just that, essentially reversing the usual direction of communication and infecting the client computer, from which hackers can then gain entrance into the entire IT network.


According to Check Point, 16 vulnerabilities were found, out of 25 security vulnerabilities overall, across the clients it examined. These include mstsc.exe (Microsoft's built-in RDP client), FreeRDP, and rdesktop. Additional analysis showed that the xrdp open-source RDP server is based on the code of rdesktop, while the RDP client NeutrinoRDP is a fork of an older version of FreeRDP. So the team inferred that these two probably suffer from vulnerabilities similar to those in the parent code.

Analysis shows that there are a few common scenarios in which a hacker can gain network permissions through such an attack. A hacker could attack an IT workstation that connects to an infected workstation inside the corporate network, gaining higher permission levels and greater access to the network systems. A second scenario is a hacker attacking a malware researcher who connects to a remote sandboxed virtual machine that contains malware under analysis. This allows the malware to escape the sandbox and infiltrate the corporate network. The feasibility of any attack relies on the hacker gaining prior access to an RDP server, which is a mitigating factor.