Exploiting Authentication in Microsoft Remote Desktop Protocol (MS-RDP)
On March 2018 Patch Tuesday, Microsoft released a patch for CVE-2018-0886, a vulnerability discovered by Preempt researchers. The vulnerability is a logical flaw in the Credential Security Support Provider protocol (CredSSP), which is used by RDP (Remote Desktop Protocol) and Windows Remote Management (WinRM) and takes care of securely forwarding credentials to target servers. An attacker can exploit it through a man-in-the-middle attack to gain the ability to run code remotely on previously uninfected machines in the attacked network. In many real-world scenarios where the victim network has vulnerable network equipment, the vulnerability could let an attacker move laterally in the victim's network and even infect a domain controller with malicious software.
This video will provide an overview of the vulnerability as well as demonstrate how it can be exploited.
For more details you can read Preempt's overview blog here: https://blog.preempt.com/security-adv...
Or read our technical blog that describes how we found the vulnerability and exploited RDP here: https://blog.preempt.com/how-we-explo...