RDP flaw a harbinger of breaches

Powered by SC Magazine
 

Small businesses most at risk from dangerous vulnerability.

A vulnerability in Microsoft's Remote Desktop Protocol (RDP) is predicted to cause mayhem for organisations this year with small businesses most notably at risk.

The flaw, announced in a patch tuesday release overnight (CVE 2012-0002) provides attackers with remote access to networks that have RDP enabled.

Attackers could execute code at a priveleged level without the need to provide credentials, if the target machine does not have network-level authentication enabled. 

And many do not, according to experts.

 

"We will still be exploiting this in a year," said Chris Gatford, director of penetration testing firm HackLabs. "There hasn't been anything this serious in years."

He said almost all organisations run RDP internally and about a third have the service activated externally, notably to connect to cloud computing services.

Security consultant Casey Ellis said exploits for the hole would be developed within weeks.

"Someone will create a worm soon for this," he said. "Over the coming weeks, we'll not be talking about seeing risk to businesses -- we'll be talking about them getting owned."   

He said countless small businesses would have RDP enabled both internally and many externally for remote access.

"I haven't seen anything this bad since Sasser or Blaster."

Ellis has today registered the web site RDPcheck and will create a "quick and dirty" tool that will check whether a machine is vulnerable to the flaw.

Remember to sign up to our daily newsletter to stay connected with the latest news and analysis from Australia and around the world.

Microsoft recommended that customers apply Network Level Authentication which would mitigate the attack prior to applying the patch, but Gatford pointed out that this would cut off connectivity for XP machines. 

He said users should run RDP behind gateways. Windows XP users could download and enable CredSSP, while users running Terminal Services Gateway should restrict access to the host to known and trusted networks.

Microsoft said RDP was disabled by default adding it was not aware of attacks against the privately-reported vulnerability.

"Due to the attractiveness of this vulnerability to attackers, we anticipate that an exploit for code execution will be developed in the next 30 days," the company said.

Kaspersky senior security researcher Kurt Baumgartner said organisations could be compromised if staff RDP-enabled laptops were infected at public WI-Fi hotspots. 

"Once infected, they bring back the laptop within the 'walled castle' and infect large volumes of other connected systems from within.".

Copyright © SC Magazine, Australia


RDP flaw a harbinger of breaches
 
 
 
Top Stories
Government exploit vendor hacked, client data exposed
Update: Australian agencies potentially compromised.
 
Australia's digital crescendo
Barely unpacked from his move from Amsterdam, Southern Cross Austereo's new digital boss Vijay Solanki is looking for Australia's untapped potential.
 
Turnbull nabs UK govt digital guru as DTO chief
Inaugural CEO to lead change agenda.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest articles on BIT Latest Articles from BIT
Windows 10 drops 29 July... but only for some
Jul 6, 2015
If you've reserved your copy of Windows 10 and are keenly awaiting its 29 July release, don't ...
Xerocon is heading to Melbourne!
Jul 1, 2015
We're not saying Xero is our FAVOURITE or anything, but Xero's 2015 Xerocon conference is being ...
New Microsoft Office apps for Android phones
Jun 26, 2015
Microsoft's latest Office apps for Android now work on phones as well as tablets, further ...
Windows 10 UK price revealed, but don't believe everything you hear
Jun 26, 2015
Windows 10 £99 price tag for users in the UK (who presumably don't already have Win 7 Pro ...
Now Xero notifies iOS users of new transactions
Jun 24, 2015
The latest version of Xero's iPhone app includes notifications when new transactions arrive from ...
Latest Comments
Polls
Is site blocking effective in stopping piracy?


   |   View results
Yes
  2%
 
No
  86%
 
Somewhat
  12%
TOTAL VOTES: 843

Vote