itman 1,595 Posted March 13, 2018 Share Posted March 13, 2018 (edited) In light of these RDP attacks showing up in the Malware forum section, this is a must read. CredSSP Vulnerability Affects RDP and WinRM on All Windows Versions Quote The March 2018 Patch Tuesday contains a fix for a severe vulnerability affecting the CredSSP protocol; a vulnerability that affects all Windows versions ever released. Security researchers from Preempt say the flaw (CVE-2018-0886) can be abused to run remote commands on gain control over Windows domain controllers, and then expand access to other systems. The research team describes the vulnerability as a "logic" bug in CredSSP. Vulnerability affects protocol at the heart of RDP & WinRM The Credential Security Support Provider (CredSSP) protocol is a Windows-specific mechanism that is responsible for securely forwarding authentication credentials between a client and a remote server in an internal network/domain. CredSSP is a core component of the Remote Desktop Protocol (RDP) and the Windows Remote Management (WinRM) service, both of which are vulnerable to exploitation. According to a video and a report shared with Bleeping Computer before publication, an attacker can exploit the CredSSP vulnerability to execute remote commands when users are trying to authenticate during RDP or WinRM sessions. Attacker need MitM position Because of the nature of this flaw, the attacker needs to have a man-in-the-middle (MitM) position to intercept the victim's traffic. This either means the attacker must have a foothold on an internal network, or control an ISP-level server that relays the victim's RDP session. But while a MitM condition was a problem for attackers in the past, compromising internal networks to get a local foothold for MitM attacks has become quite easy in recent years due to the proliferation of IoT devices that often remain unpatched, leaving gaping holes in companies' defenses. https://www.bleepingcomputer.com/news/security/credssp-vulnerability-affects-rdp-and-winrm-on-all-windows-versions/ Edited March 13, 2018 by itman Link to comment Share on other sites More sharing options...
Recommended Posts