RDP flaw a harbinger of breaches

By on
RDP flaw a harbinger of breaches

Small businesses most at risk from dangerous vulnerability.

A vulnerability in Microsoft's Remote Desktop Protocol (RDP) is predicted to cause mayhem for organisations this year with small businesses most notably at risk.

The flaw, announced in a patch tuesday release overnight (CVE 2012-0002) provides attackers with remote access to networks that have RDP enabled.

Attackers could execute code at a priveleged level without the need to provide credentials, if the target machine does not have network-level authentication enabled. 

And many do not, according to experts.

 

"We will still be exploiting this in a year," said Chris Gatford, director of penetration testing firm HackLabs. "There hasn't been anything this serious in years."

He said almost all organisations run RDP internally and about a third have the service activated externally, notably to connect to cloud computing services.

Security consultant Casey Ellis said exploits for the hole would be developed within weeks.

"Someone will create a worm soon for this," he said. "Over the coming weeks, we'll not be talking about seeing risk to businesses -- we'll be talking about them getting owned."   

He said countless small businesses would have RDP enabled both internally and many externally for remote access.

"I haven't seen anything this bad since Sasser or Blaster."

Ellis has today registered the web site RDPcheck and will create a "quick and dirty" tool that will check whether a machine is vulnerable to the flaw.

Remember to sign up to our daily newsletter to stay connected with the latest news and analysis from Australia and around the world.

Microsoft recommended that customers apply Network Level Authentication which would mitigate the attack prior to applying the patch, but Gatford pointed out that this would cut off connectivity for XP machines. 

He said users should run RDP behind gateways. Windows XP users could download and enable CredSSP, while users running Terminal Services Gateway should restrict access to the host to known and trusted networks.

Microsoft said RDP was disabled by default adding it was not aware of attacks against the privately-reported vulnerability.

"Due to the attractiveness of this vulnerability to attackers, we anticipate that an exploit for code execution will be developed in the next 30 days," the company said.

Kaspersky senior security researcher Kurt Baumgartner said organisations could be compromised if staff RDP-enabled laptops were infected at public WI-Fi hotspots. 

"Once infected, they bring back the laptop within the 'walled castle' and infect large volumes of other connected systems from within.".

Copyright © SC Magazine, Australia

Tags:
data breaches exploits hacklabs microsoft patching rdp security vulnerability

Most Read Articles

Ransomware strikes Victorian speed cameras

Ransomware strikes Victorian speed cameras
Massive ransomware outbreak hits servers worldwide

Massive ransomware outbreak hits servers worldwide
TPG savages broadband tax as band-aid for 'broken' NBN

TPG savages broadband tax as band-aid for 'broken' NBN
Revealed: Another storage crash behind latest ATO outage

Revealed: Another storage crash behind latest ATO outage
You must be a registered member of iTnews to post a comment.
| Register

Whitepapers from our sponsors

Optimising Enterprise Data Centres for the Cloud
Optimising Enterprise Data Centres for the Cloud
Growing companies have a growing interest in technology
Growing companies have a growing interest in technology
RSA NetWitness® Endpoint. Respond 3X Faster to Threats
RSA NetWitness® Endpoint. Respond 3X Faster to Threats
Building platforms for future health and education
Building platforms for future health and education
Breach Level Index Report
Breach Level Index Report

Events

Log In

Username:
Password:
|  Forgot your password?