Friday, August 17, 2019
According to several Microsoft officials, vulnerabilities were detected within the Microsoft’s Remote Desktop Protocol (RDP). The vulnerability was reported to Microsoft almost a year ago. It was only reported to affect the Remote Desktop Protocol. It recently was patched after discovering the bug lead to remote execution and directly impacts Microsoft’s Hyper-V product.
In February, a security software engineer, Eyal Itkin working for an independent firm named Check Point published technical details regarding the covered multiple RDP vulnerabilities and flaws. The primary focus for Itkin was to achieve a reverse RDP attack. This in turn would give the server of a remote connection gains control over the client.
This connection between the two machines was possible through the RDP sharing the clipboard. Subsequently, whatever is copied on the remote server can be pasted on the local client. In an interview with Itkin and BleepingComputer, Itkin explained that an attacker could use this vulnerability to compromise computers of privileged users in a company.
Another method sharing data information is called Enhanced Session Mode in Hyper-V which enables an RDP connection to virtual machines. This enables share devices and files between the two systems. The relation between the two products becomes evident Hyper-V virtual machine and a remote connection via Microsoft’s RDP client (mstsc.exe) share the same setting window.0