The CredSSP vulnerability in the RDP protocol affects all versions of Windows
A serious vulnerability has just been found in the Credential Security Support Provider (CredSSP) protocol that affects all Windows versions, allowing attackers to exploit RDP and WinRM to steal data or run malicious code.
The CredSSP protocol is used by RDP (Remote Desktop Protocol) and WinRM (Windows Remote Management) and is responsible for forwarding encrypted authentication information from the Windows client to the server for remote authentication.
Discovered by researchers at Preempt Security, this vulnerability (CVE-2018-0886) is a logical error in CredSSP. It allows a man-in-the-middle attacker with Wi-Fi or physical access to the network to steal authentication data and carry out a Remote Procedure Call attack.
'The data theft attacker from the user can run the command with admin rights. This is especially important when controlling domain names, when most Remote Procedure Calls (RPC / DCE) are turned on automatically,' said Yaron Zinar, a researcher at Preempt.
Because RDP is the most popular application for remote login and most business customers use RDP, most networks are at risk because of this error.
The problem was reported to Microsoft by Preempt last August, but Microsoft did not patch the vulnerability until Patch Tuesday, nearly seven months later.
Researchers also warn that patching alone is not enough to prevent attacks; IT professionals should also change some of the necessary configurations. Blocking the related application ports, including RDP and DCE / RPC, also helps reduce the risk, but this type of attack can be carried out in many ways over other protocols.
Therefore, above all, it is advisable to limit the use of privileged accounts as much as possible. The March Patch Tuesday release also patched other software such as Microsoft IE, Edge, Windows OS, Office, PowerShell, Core ChakraCore and Adobe Flash.