Platform
Managed Security Services
Managed Penetration Testing
Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.
Resources
March 17, 2023Severity High Analysis Summary Chaos is a customizable ransomware builder that emerged on June 9 2021 (in underground forums) by falsely marketing itself as the .NET […]March 17, 2023Severity High Analysis Summary CVE-2023-26361 CVSS:4.9 Adobe ColdFusion could allow a remote authenticated attacker to traverse directories on the system. An attacker could send a specially […]March 17, 2023Severity Medium Analysis Summary Ursnif banking trojan also known as Gozi and Dreambot has been around for more than 10 years. It gained popularity in 2015 […]Threat Insights
Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.
Connect with Us
Platform
Managed Security Services
Managed Penetration Testing
Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.
Resources
March 17, 2023Severity High Analysis Summary Chaos is a customizable ransomware builder that emerged on June 9 2021 (in underground forums) by falsely marketing itself as the .NET […]March 17, 2023Severity High Analysis Summary CVE-2023-26361 CVSS:4.9 Adobe ColdFusion could allow a remote authenticated attacker to traverse directories on the system. An attacker could send a specially […]March 17, 2023Severity Medium Analysis Summary Ursnif banking trojan also known as Gozi and Dreambot has been around for more than 10 years. It gained popularity in 2015 […]Threat Insights
Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.
Connect with Us
REWTERZ THREAT Advisory – LibreOffice and OpenOffice Remote Code Execution Vulnerability
February 6, 2019Rewterz Threat Advisory – CVE-2019-6111 – OpenSSH Arbitrary File Overwrite Vulnerability
February 7, 2019
SEVERITY: Medium
CATEGORY: Vulnerability
Analysis Summary
A total of 25 security flaws are discovered in the popular implementations of the Remote Desktop Protocol (RDP) which can allow bad actors to take control of computers connecting to a malicious server using remote code execution and memory corruption. The flaws allow a malicious actor to reverse the usual direction of communication and infect the IT professional or security researcher’s computer. Such an infection could then allow for an intrusion into the IT/local network as a whole.
16 major vulnerabilities are in the open source FreeRDP RDP client and its fork rdesktop, as well as in Microsoft’s own RDP client implementation. Open source xrdp RDP server is partially based on rdesktop and hence is vulnerable to the same vulnerabilities.
1.8.3 version of the rdesktop RDP client contains 11 vulnerabilities with a major security impact, and 19 vulnerabilities overall in the library. FreeRDP 2.0.0-rc3 contains five vulnerabilities with major security impact and six vulnerabilities overall in the library. (The RDP client NeutrinoRDP is a fork of an older version (1.0.1) of ‘FreeRDP’ and therefore probably suffers from the same vulnerabilities.)
RDP Clients may also be vulnerable to a path-traversal attack, allowing the server to drop arbitrary files in arbitrary paths on the client’s computer.
Impact
- Memory Corruption
- Code Execution
- System Access
- Network-wide infection
Affected Products
- mstsc.exe
- FreeRDP
- rdesktop
Remediation
- If you are using rdesktop or FreeRDP, update to the latest version which includes the relevant patches.
- When using Microsoft RDP client (MSTSC), we strongly recommend disabling bi-directional clipboard sharing over RDP.
- Apply security measures to both the clients and the servers involved in the RDP communication.
- Users should avoid using RDP to connect to remote servers that have not implemented sufficient security measures.