Researchers find zero-day vulnerability in Remote Desktop Protocol
Security researchers have discovered a zero-day vulnerability in the Remote Desktop Protocol (RDP). It can be used to bypass Windows security and allow attackers to penetrate an affected system.
Researchers at Carnegie Mellon University have written a Metasploit exploit for the vulnerability. It has not yet been made public for security reasons. There is currently no patch available for the vulnerability; one will be released on June 11 during Microsoft’s ‘Patch Tuesday’. The vulnerability affects Windows 10 from version 1803 onward, and Windows Server 2019.
The vulnerability, CVE-2019-9510, can be used to bypass the authentication of machines running Windows. An attacker simply needs to connect to a victim’s system via RDP to gain and retain authenticated access to the computer. This is also possible after the user has locked the screen. By exploiting the vulnerability, it could even be possible to bypass certain multi-factor authentication methods.
It’s not immediately clear whether the new vulnerability is related to BlueKeep, the new remote desktop service vulnerability that was leaked earlier this year. BlueKeep exploits vulnerabilities in RDP and can potentially be used to spread ransomware worms. That attack method is similar to the one used by WannaCry and (Not)Petya. Earlier this week, the NSA warned system administrators to update their networks. More than a million computers with the RDP vulnerability are still connected to the Internet, even though a patch has been available for a long time.
Update: this article initially stated that the exploit is part of BlueKeep and that BlueKeep uses the same vulnerabilities as WannaCry and (Not)Petya. That has been corrected.