Thursday, March 4, 2021
  • Setup menu at Appearance » Menus and assign menu to Top Bar Navigation
Advertisement
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
No Result
View All Result
Home Internet Privacy

Reverse RDP Attack Also Enables Guest-to-Host Escape in Microsoft Hyper-V

August 8, 2019
in Internet Privacy
Reverse RDP Attack Also Enables Guest-to-Host Escape in Microsoft Hyper-V
590
SHARES
3.3k
VIEWS
Share on FacebookShare on Twitter

Remember the reverse RDP attack?

Earlier this year, researchers disclosed clipboard hijacking and path-traversal issues in Microsoft’s Windows built-in RDP client that could allow a malicious RDP server to compromise a client computer, reversely.

You might also like

A $50,000 Bug Could’ve Allowed Hackers Access Any Microsoft Account

Replacing EDR/NGAV with Autonomous XDR Makes a Big Difference for Small Security Teams

Hackers Now Hiding ObliqueRAT Payload in Images to Evade Detection

(You can find details and a video demonstration for this security vulnerability, along with dozens of critical flaws in other third-party RDP clients, in a previous article written by Swati Khandelwal for The Hacker News.)

At the time when researchers responsibly reported this path-traversal issue to Microsoft, in October 2018, the company acknowledged the issue but decided not to address it.

Now, it turns out that Microsoft silently patched this vulnerability (CVE-2019-0887) just last month as part of its July Patch Tuesday updates after Eyal Itkin, security researcher at CheckPoint, found the same issue affecting Microsoft’s Hyper-V technology as well.

Microsoft’s Hyper-V is a virtualization technology that comes built-in with Windows operating system, enabling users to run multiple operating systems at the same time as virtual machines. Microsoft’s Azure cloud service also uses Hyper-V for server virtualization.

reverse rdp attack on windows hyper-v

Similar to other virtualization technologies, Hyper-V also comes with a graphical user interface that allows users to manage their local and remote virtual machines (VMs).

According to a report CheckPoint researchers shared with The Hacker News, the Enhanced Session Mode in Microsoft’s Hyper-V Manager, behind the scenes, uses the same implementation as of Windows Remote Desktop Services to let the host machine connect to a guest virtual machine and share synchronized resources like clipboard data.

“It turns out that RDP is used behind the scenes as the control plane for Hyper-V. Instead of re-implementing screen-sharing, remote keyboard, and a synchronized clipboard, Microsoft decided that all of these features are already implemented as part of RDP, so why not use it in this case as well?” researchers say.

This means, Hyper-V Manager eventually inherits all of the security vulnerabilities reside in Windows RDP, including the clipboard hijacking and path-traversal vulnerabilities that could lead to guest-to-host VM escape attack, “effectively allowing one to break out of a Virtual Machine and reach the hosting machine, virtually breaking the strongest security mitigation provided by the virtualization environment.”

As demonstrated previously, the flaws could allow a malicious or a compromised guest machine to trick the host user into unknowingly saving a malicious file in his/her Windows startup folder, which will automatically get executed every time the system boots.

“A malicious RDP server can send a crafted file transfer clipboard content that will cause a Path-Traversal on the client’s machine,” researchers explain.

Unlike previously, this time, Microsoft decided to patch the vulnerability immediately after the researchers disclosed the Hyper-V implications of this flaw, which is now identified as CVE-2019-0887.

“A remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an authenticated attacker abuses clipboard redirection,” Microsoft said while explaining the vulnerability in its security advisory.

“An attacker who successfully exploited this vulnerability could execute arbitrary code on the victim system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.”

The researchers tested and confirmed the patch for the Path-Traversal vulnerability and strongly recommended all users to install the security patch in an attempt to protect their RDP connections as well as their Hyper-V environment.


Credit: The Hacker News By: noreply@blogger.com (Unknown)

Previous Post

Visa to Test Advanced AI to Prevent Fraud

Next Post

State Farm says hackers confirmed valid usernames and passwords in credentials stuffing attack

Related Posts

A $50,000 Bug Could’ve Allowed Hackers Access Any Microsoft Account
Internet Privacy

A $50,000 Bug Could’ve Allowed Hackers Access Any Microsoft Account

March 4, 2021
Replacing EDR/NGAV with Autonomous XDR Makes a Big Difference for Small Security Teams
Internet Privacy

Replacing EDR/NGAV with Autonomous XDR Makes a Big Difference for Small Security Teams

March 4, 2021
Hackers Now Hiding ObliqueRAT Payload in Images to Evade Detection
Internet Privacy

Hackers Now Hiding ObliqueRAT Payload in Images to Evade Detection

March 4, 2021
New Chrome 0-day Bug Under Active Attacks – Update Your Browser ASAP!
Internet Privacy

New Chrome 0-day Bug Under Active Attacks – Update Your Browser ASAP!

March 3, 2021
URGENT — 4 Actively Exploited 0-Day Flaws Found in Microsoft Exchange
Internet Privacy

URGENT — 4 Actively Exploited 0-Day Flaws Found in Microsoft Exchange

March 3, 2021
Next Post
State Farm says hackers confirmed valid usernames and passwords in credentials stuffing attack

State Farm says hackers confirmed valid usernames and passwords in credentials stuffing attack

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Recommended

Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

January 6, 2019
Microsoft, Google Use Artificial Intelligence to Fight Hackers

Microsoft, Google Use Artificial Intelligence to Fight Hackers

January 6, 2019

Categories

  • Artificial Intelligence
  • Big Data
  • Blockchain
  • Crypto News
  • Data Science
  • Digital Marketing
  • Internet Privacy
  • Internet Security
  • Learn to Code
  • Machine Learning
  • Marketing Technology
  • Neural Networks
  • Technology Companies

Don't miss it

AWS launches webinar for marketers looking to maximise their machine learning strategy
Machine Learning

AWS launches webinar for marketers looking to maximise their machine learning strategy

March 4, 2021
What Is Intent Data? How to Get Started
Marketing Technology

What Is Intent Data? How to Get Started

March 4, 2021
High severity Linux network security holes found, fixed
Internet Security

High severity Linux network security holes found, fixed

March 4, 2021
A $50,000 Bug Could’ve Allowed Hackers Access Any Microsoft Account
Internet Privacy

A $50,000 Bug Could’ve Allowed Hackers Access Any Microsoft Account

March 4, 2021
Deno 1.8 preps for GPU-accelerated machine learning
Machine Learning

Deno 1.8 preps for GPU-accelerated machine learning

March 4, 2021
3 Types of Image Segmentation. If you are getting started with Machine… | by Doga Ozgon | Feb, 2021
Neural Networks

3 Types of Image Segmentation. If you are getting started with Machine… | by Doga Ozgon | Feb, 2021

March 4, 2021
NikolaNews

NikolaNews.com is an online News Portal which aims to share news about blockchain, AI, Big Data, and Data Privacy and more!

What’s New Here?

  • AWS launches webinar for marketers looking to maximise their machine learning strategy March 4, 2021
  • What Is Intent Data? How to Get Started March 4, 2021
  • High severity Linux network security holes found, fixed March 4, 2021
  • A $50,000 Bug Could’ve Allowed Hackers Access Any Microsoft Account March 4, 2021

Subscribe to get more!

© 2019 NikolaNews.com - Global Tech Updates

No Result
View All Result
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News

© 2019 NikolaNews.com - Global Tech Updates