- The flaw which leads to remote code execution was identified in Remote Desktop Protocol earlier this year.
- Microsoft has patched this bug after it was found to impact Hyper-V.
A security flaw that was discovered in Microsoft’s RDP has been found to impact another product of the tech giant. The flaw, uncovered by researcher Eyal Itkin of Check Point this year, also affects virtualization software Hyper-V and is a path traversal bug. It could lead to remote code execution(RCE) on the virtual machines connected to Hyper-V.
A proof-of-concept (PoC) exploit demonstrated by the researcher showed how a file delivered on the host connected to a malicious virtual machine could allow remote execution after a system reboot. The demonstration can be found here.
- Dubbed as “Poisoned RDP vulnerability,” Microsoft also mentions that the flaw allows attackers to exploit clipboard redirection in RDP.
- The vulnerability is tracked as CVE-2019-0887.
- In a case study, Microsoft suggests that Hyper-V, which uses RDP is affected by the latter’s security flaws.
- The RCE vulnerability in RDP could be used to escape a virtual machine in Hyper-V. This resulted in a sandbox escape vulnerability.
- After finding it was affecting Hyper-V, Microsoft patched the flaw in its July 2019 security update.
- The tech giant indicated that there were no active exploits leveraging this bug.
Microsoft stated that it worked with Itkin to devise solutions in order to detect attacks carried out through this flaw.
“While we worked on fixing the vulnerability, it was important for us to develop a post-breach detection in order to protect customers from attacks that might exploit the vulnerability. For this effort, we worked closely with Eyal, whose cooperation was critical to the development of these solutions,” said Microsoft.