Microsoft Remote Access Protocol Flaw Affects All Windows Machines
Attackers can exploit a newly discovered critical cryptographic bug in CredSSP via a man-in-the-middle attack and then move laterally within a victim network.

A serious vulnerability in Microsoft's Credential Security Support Provider protocol (CredSSP) could allow an attacker to gain control of a domain server and other systems in the network. The logical cryptographic flaw in CredSSP can be exploited through a man-in-the-middle attack while a client machine and a server authenticate to one another over the Remote Desktop Protocol (RDP) and Windows Remote Management (WinRM) connection protocols.

Exploiting the flaw requires the attacker to mount a man-in-the-middle attack between the client and server in an RDP or WinRM session. From that position, the attacker waits for a CredSSP session, compromises the authentication between the client and server, and then uses a remote procedure call attack against that server.

To defend against the CredSSP exploit, Preempt recommends patching workstations and servers, but warns that patching alone is not sufficient to stop this attack.
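The article's closing point is that the patch by itself does not end the exposure: Microsoft's fix for this CredSSP issue introduced an "Encryption Oracle Remediation" policy that decides whether a patched host still tolerates unpatched peers, and administrators have to set it. The following PowerShell is an added example written for this page, not code from the article or from Preempt. It assumes the policy registry value `AllowEncryptionOracle` under `HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters` as documented by Microsoft for the fix (0 = Force Updated Clients, 1 = Mitigated, 2 = Vulnerable); the article itself does not name that setting.

```powershell
# Added example (not from the article): audit and harden the CredSSP
# "Encryption Oracle Remediation" policy on a patched Windows host.
# Assumption: the registry value below is the one Microsoft's fix introduced;
# the article does not mention it, so verify against Microsoft's own guidance.
$CredSspKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters'

# Meaning of each policy value, per Microsoft's documentation for the fix.
$OracleMeaning = @{
    0 = 'Force Updated Clients: rejects unpatched peers (safest once everything is patched)'
    1 = 'Mitigated: this host never falls back to the vulnerable exchange, but still accepts it from peers'
    2 = 'Vulnerable: legacy behaviour allowed, so the man-in-the-middle attack remains possible even after patching'
}

function Get-CredSspOracleSetting {
    # Returns the configured value (or reports "not configured") so the state can be
    # collected from many hosts and reviewed, rather than assumed from patch status.
    [CmdletBinding()]
    param()

    $prop = Get-ItemProperty -Path $CredSspKey -Name AllowEncryptionOracle -ErrorAction SilentlyContinue
    if ($null -eq $prop) {
        # Not configured: the effective default depends on which update level is installed,
        # which is exactly why the article warns that patching alone is not enough.
        return [pscustomobject]@{
            ComputerName = $env:COMPUTERNAME
            Configured   = $false
            Value        = $null
            Meaning      = 'Not configured: effective behaviour depends on the installed update level; set it explicitly'
        }
    }

    $value = [int]$prop.AllowEncryptionOracle
    [pscustomobject]@{
        ComputerName = $env:COMPUTERNAME
        Configured   = $true
        Value        = $value
        Meaning      = if ($OracleMeaning.ContainsKey($value)) { $OracleMeaning[$value] } else { "Unknown value $value" }
    }
}

function Set-CredSspForceUpdatedClients {
    # Sets the policy to 0 ("Force Updated Clients"). Run from an elevated session.
    # Apply this only after every RDP/WinRM peer has the fix installed: by design,
    # a host in this mode refuses to negotiate CredSSP with unpatched peers.
    [CmdletBinding(SupportsShouldProcess = $true)]
    param()

    if ($PSCmdlet.ShouldProcess($env:COMPUTERNAME, 'Set AllowEncryptionOracle = 0')) {
        if (-not (Test-Path $CredSspKey)) {
            New-Item -Path $CredSspKey -Force | Out-Null
        }
        New-ItemProperty -Path $CredSspKey -Name AllowEncryptionOracle `
            -PropertyType DWord -Value 0 -Force | Out-Null
    }
    Get-CredSspOracleSetting
}

# Audit the local host; values of 2 (or "not configured" on a partially patched estate)
# are the ones to chase down, because they leave the man-in-the-middle path open.
Get-CredSspOracleSetting | Format-List
```

The audit function is deliberately separate from the hardening function: a rollout usually means collecting `Get-CredSspOracleSetting` output across the fleet first (for example via `Invoke-Command` over already-secured WinRM), confirming every RDP and WinRM peer carries the fix, and only then moving hosts to "Force Updated Clients".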