TMCnet News
Preempt Researchers Find Critical Vulnerability that Exploits Authentication in Microsoft Remote Desktop Protocol (MS-RDP)

SAN FRANCISCO, March 13, 2018 /PRNewswire/ -- Preempt, a leader in adaptive threat prevention that helps enterprises eliminate insider threats and security breaches, today announced its research team found a critical Microsoft vulnerability that consists of a logical flaw in the Credential Security Support Provider protocol (CredSSP), which is used by Remote Desktop and WinRM in the authentication process. CredSSP is responsible for securely forwarding credentials to the target server. Researchers found that an attacker with man-in-the-middle control over the session can abuse it to remotely run code on the compromised server on behalf of a user.

With Remote Desktop being the most popular application for remote logins, this vulnerability is of extreme concern. It could leave enterprises vulnerable to a variety of threats from attackers, including lateral movement and infection of critical servers or domain controllers. The vulnerability affects all Windows versions to date (starting with Windows Vista).

"This vulnerability is a big deal, and while no attacks have been detected in the wild, there are a few real-world situations where attacks can occur," said Roman Blachman, CTO and co-founder at Preempt. "Ensuring that your workstations are patched is the logical, first step to preventing this threat. It's important for organizations to use real-time threat response solutions to mitigate these types of threats."

With this vulnerability, organizations are susceptible to an attack mounted with simple Wi-Fi or physical access. If an attacker has such access, they can launch a man-in-the-middle attack. Other routes, such as Address Resolution Protocol (ARP) poisoning and attacking sensitive servers through vulnerable routers and switches, also enable the attack.

Organizations can protect themselves from this vulnerability in a few ways:
As of March 13, 2018, Microsoft has issued a patch for CVE-2018-0886, following Preempt's responsible disclosure of the CredSSP vulnerability.
View original content with multimedia: http://www.prnewswire.com/news-releases/preempt-researchers-find-critical-vulnerability-that-exploits-authentication-in-microsoft-remote-desktop-protocol-ms-rdp-300613019.html

SOURCE Preempt