Eset Server Users - You Need to Patch Now!


itman

In light of these RDP attacks showing up in the Malware forum section, this is a must read.

CredSSP Vulnerability Affects RDP and WinRM on All Windows Versions

Quote

The March 2018 Patch Tuesday contains a fix for a severe vulnerability affecting the CredSSP protocol; a vulnerability that affects all Windows versions ever released.

Security researchers from Preempt say the flaw (CVE-2018-0886) can be abused to run remote commands on gain control over Windows domain controllers, and then expand access to other systems. The research team describes the vulnerability as a "logic" bug in CredSSP.

Vulnerability affects protocol at the heart of RDP & WinRM

The Credential Security Support Provider (CredSSP) protocol is a Windows-specific mechanism that is responsible for securely forwarding authentication credentials between a client and a remote server in an internal network/domain.

CredSSP is a core component of the Remote Desktop Protocol (RDP) and the Windows Remote Management (WinRM) service, both of which are vulnerable to exploitation.

According to a video and a report shared with Bleeping Computer before publication, an attacker can exploit the CredSSP vulnerability to execute remote commands when users are trying to authenticate during RDP or WinRM sessions.

Attacker needs MitM position

Because of the nature of this flaw, the attacker needs to have a man-in-the-middle (MitM) position to intercept the victim's traffic. This either means the attacker must have a foothold on an internal network, or control an ISP-level server that relays the victim's RDP session.

But while a MitM condition was a problem for attackers in the past, compromising internal networks to get a local foothold for MitM attacks has become quite easy in recent years due to the proliferation of IoT devices that often remain unpatched, leaving gaping holes in companies' defenses.

https://www.bleepingcomputer.com/news/security/credssp-vulnerability-affects-rdp-and-winrm-on-all-windows-versions/
