RDP flaw a harbinger of breaches

Powered by SC Magazine
 

Small businesses most at risk from dangerous vulnerability.

A vulnerability in Microsoft's Remote Desktop Protocol (RDP) is predicted to cause mayhem for organisations this year with small businesses most notably at risk.

The flaw, announced in a patch tuesday release overnight (CVE 2012-0002) provides attackers with remote access to networks that have RDP enabled.

Attackers could execute code at a priveleged level without the need to provide credentials, if the target machine does not have network-level authentication enabled. 

And many do not, according to experts.

 

"We will still be exploiting this in a year," said Chris Gatford, director of penetration testing firm HackLabs. "There hasn't been anything this serious in years."

He said almost all organisations run RDP internally and about a third have the service activated externally, notably to connect to cloud computing services.

Security consultant Casey Ellis said exploits for the hole would be developed within weeks.

"Someone will create a worm soon for this," he said. "Over the coming weeks, we'll not be talking about seeing risk to businesses -- we'll be talking about them getting owned."   

He said countless small businesses would have RDP enabled both internally and many externally for remote access.

"I haven't seen anything this bad since Sasser or Blaster."

Ellis has today registered the web site RDPcheck and will create a "quick and dirty" tool that will check whether a machine is vulnerable to the flaw.

Remember to sign up to our daily newsletter to stay connected with the latest news and analysis from Australia and around the world.

Microsoft recommended that customers apply Network Level Authentication which would mitigate the attack prior to applying the patch, but Gatford pointed out that this would cut off connectivity for XP machines. 

He said users should run RDP behind gateways. Windows XP users could download and enable CredSSP, while users running Terminal Services Gateway should restrict access to the host to known and trusted networks.

Microsoft said RDP was disabled by default adding it was not aware of attacks against the privately-reported vulnerability.

"Due to the attractiveness of this vulnerability to attackers, we anticipate that an exploit for code execution will be developed in the next 30 days," the company said.

Kaspersky senior security researcher Kurt Baumgartner said organisations could be compromised if staff RDP-enabled laptops were infected at public WI-Fi hotspots. 

"Once infected, they bring back the laptop within the 'walled castle' and infect large volumes of other connected systems from within.".

Copyright © SC Magazine, Australia


RDP flaw a harbinger of breaches
 
 
 
Top Stories
NSW to build its own myGov
Service NSW digital profiles available by September.
 
Australia's leaders agree to end GST-free online goods
Gerry Harvey may finally get his way.
 
What to expect from Abbott's national cyber security strategy
Key policy architect reveals focus of new document.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest articles on BIT Latest Articles from BIT
Microsoft reveals Microsoft Send, a new enterprise chat app to rival Slack
Jul 27, 2015
Microsoft Send is MSN Messenger for grownups, and you could be using it at work very soon
Developers offered $500,000 grants to find HoloLens uses
Jul 8, 2015
Can augmented-reality end up in business?
Microsoft Tossup: The planning app for unorganised groups of friends
Jul 8, 2015
App allows friends to research venues, vote on plans and chat. And depending on how you run your ...
Windows 10 drops 29 July... but only for some
Jul 6, 2015
If you've reserved your copy of Windows 10 and are keenly awaiting its 29 July release, don't ...
Xerocon is heading to Melbourne!
Jul 1, 2015
We're not saying Xero is our FAVOURITE or anything, but Xero's 2015 Xerocon conference is being ...
Latest Comments
Polls
Should law enforcement be able to buy and use exploits?



   |   View results
Yes
  13%
 
No
  51%
 
Only in special circumstances
  17%
 
Yes, but with more transparency
  19%
TOTAL VOTES: 684

Vote