You must Register or Sign in to your Cyware account to perform this action
×Once you are logged in, you will be able to:
Customize your feeds by selecting categories you like
Comment on or Like an article
Receive the latest security stories, trends, and insights in your inbox
Build your profile and login across multiple devices
Bookmark a story and read it later
- Home
- Hacker News
- Malware and Vulnerabilities
- Multiple vulnerabilities in RDP can allow attackers to take control of computers

Multiple vulnerabilities in RDP can allow attackers to take control of computers
Multiple vulnerabilities in RDP can allow attackers to take control of computers- February 6, 2019
- |
- Malware and Vulnerabilities
/https://cystory-images.s3.amazonaws.com/shutterstock_352324304.jpg)
- These flaws in the Remote Desktop Protocol (RDP) can result in the so-called ‘reverse RDP attack’.
- There are a total of 25 security issues in the RDP.
Security researchers have discovered multiple vulnerabilities in the Remote Desktop Protocol (RDP) that can result in the so-called ‘reverse RDP attack’. These vulnerabilities can allow bad actors to take control of computers.
Discovered by researchers at CheckPoint, there are a total of 25 security issues in the RDP. Of these, 16 issues have been found in the open source FreeRDP RDP client and its fork rdesktop, as well as in Microsoft’s own RDP client implementation.
According to researchers, the attackers can use at least of the two scenarios to gain elevated network permissions. This includes:
- Attacking an IT member that connects to an affected workstation placed inside the corporate network;
- Attacking a malware researcher that connects to a remote sandboxed virtual machine that contains a tested malware.
Once the attackers get a foothold of the RDP client by using one of the discovered vulnerabilities, they can expand the scope of the attack to the machine’s entire local network.
Eleven vulnerabilities with a major security impact are discovered in the 1.83 version of the rdesktop RDP client, while FreeRDP 2.0.0-rc3 contains five vulnerabilities of major security impact. The researchers were also able to find a vulnerability in the Mstsc client too.
In order to address these issues, the users have been advised to disable the shared RDP clipboard feature in their clients until a security patch is released. In addition, RDP clients should always be kept up to date to protect their computers from being exploited by such vulnerabilities.
- + Aware
Get such articles in your inbox
News
-
Previous News Community Health Systems agrees to pay nearly $3.1 million as a part of settlement for 2014 data breach
- February 6, 2019
- |
- Incident Response, Learnings
-
Next News Android and Ubuntu get security fixes: Patch Tuesday - Week 1, February 2019
- February 6, 2019
- |
- Computer, Internet Security
Popular News
Related News
Categories
Get such articles in your inbox
News
-
Previous News Community Health Systems agrees to pay nearly $3.1 million as a part of settlement for 2014 data breach
- February 6, 2019
- |
- Incident Response, Learnings
-
Next News Android and Ubuntu get security fixes: Patch Tuesday - Week 1, February 2019
- February 6, 2019
- |
- Computer, Internet Security
Popular News
Related News
Categories
