Remote Desktop clients analysed and found vulnerable
Microsoft shown to handle its own, complicated RDP well.
Security researchers analysing Remote Desktop clients for the popular remote desktop protocol, used to connect to non-local Windows machines, have unearthed multiple vulnerabilities.
Check Point analysed the FreeRDP and rdesktop (the default client for the Kali Linux penetration testing distribution) remote access tools, along with Microsoft’s mstsc.exe that comes with Windows.
In total, the research unearthed a total of 25 vulnerabilities spread among the three clients, 16 of which were rated as major.
The proprietary RDP was developed by Microsoft and the Check Point researchers said it is complicated and prone to vulnerabilities.
Perhaps due to its long experience with RDP, Microsoft came out relatively well in the analysis.
The researchers lauded the IT giant’s code as being “better by several orders of magnitude” than open source alternatives and noted its RDP client had robust input and decompression checks.
Microsoft’s RDP client also checked for integer overflows when processing bitmap updates, something both FreeRDP and rdesktop failed to do properly.
Whereas flaws in rdesktop version 1.8.3 opened up the possibility of remote code execution in ten cases, and five such vulnerabilities were found in FreeRDP, Check Point were only able to discover a path traversal issue over the shared RDP clipboard in Microsoft’s client.
“If a client uses the “Copy & Paste” feature over an RDP connection, a malicious RDP server can transparently drop arbitrary files to arbitrary file locations on the client’s computer, limited only by the permissions of the client.
Source: IT News