Windows Remote Desktop has an unresolved security problem

Lluís Enric Mayans
@lluisenricmayans

It is therefore easy to understand why this tool draws the curiosity of the most malicious computer security experts.


Check Point ST had already discovered many vulnerabilities in the system more than a year ago. These allowed attackers to reverse the normal direction of communication and infect the local computer of the IT technician or security researcher (in the case of analysis), so this type of attack could allow an intrusion into the IT network as a whole. Approximately 16 key vulnerabilities and a total of 25 security vulnerabilities were found.


Source: CheckPoint.com

Microsoft communicated the new flaw, which was codified as a new vulnerability, CVE-2020-0655, and the company took steps to release a patch last February. That fix, however, did not involve the kernel of the PathCchCanonicalize function, but only the kerberos.dll file in the same directory as the kernel. As a result, the solution is not effective if a third-party RDP client is used.


