In a Reverse RDP attack, a client system affected by a path traversal vulnerability can be compromised when it remotely accesses a server over Microsoft’s Remote Desktop Protocol.
Microsoft patched the vulnerability (CVE-2019-0887) in July 2019, but researchers found that the patch can be bypassed to exploit the vulnerability. Acknowledging this, Microsoft released a new patch in February 2020.
The workaround works fine for the built-in RDP client in Windows operating systems, but the patch is not robust enough to protect third-party RDP clients against the same attack, which relies on the vulnerable function developed by Microsoft.
Researchers have claimed that when attackers come across a vulnerability with a weak patch like this, it is very easy for them to exploit it by bypassing the patch. Attackers reaching a core Windows path sanitization function is a serious threat and can be very dangerous.
NPAV recommends that users use the built-in RDP client of Windows systems and refrain from using third-party RDP clients until the vulnerability is patched properly. Keep installing the updates and patches released by organizations to keep your systems safe.
Use NPAV and join us on a mission to secure the cyber world.