Check Point has found a dangerous flaw in the Windows Remote Desktop Connection client that lets an attacker take over your PC. How to defend yourself
Microsoft’s Remote Desktop Protocol (RDP) is still not secure, even though last year (July 2019) Microsoft released a patch for a serious vulnerability, CVE-2019-0887, reported by the security firm Check Point Software Technologies.
And it is Check Point itself that is back in the news, because it found that Microsoft’s patch sidestepped much of the problem rather than fixing it: the fix relied on a path-canonicalization routine that recognises backslashes but not forward slashes as directory separators, so simply writing the malicious path with `/` instead of `\` got past the check. Check Point reported this to Microsoft, which could do nothing but acknowledge the new vulnerability (essentially the same as the old one) and assign it CVE-2020-0655. That happened in February 2020, when Microsoft patched the RDP client again. What it did not do, then or in the May security updates, was fix the underlying canonicalization function itself, so any other software that relies on it for the same check remains exposed. Much to the surprise of Check Point, which is now publicly taking Microsoft to task.
What is Microsoft Remote Desktop Protocol
Remote Desktop Protocol is a proprietary Microsoft protocol that lets a user operate a remote computer through a graphical session. It is implemented in clients available for Windows, Linux, macOS, Android and iOS. In practice it is the protocol behind the Windows Remote Desktop Connection utility (mstsc), which is widely used both in corporate environments and for remote repair of Windows computers.
Why Remote Desktop Protocol is dangerous
Last year, Check Point showed that a “Reverse RDP Attack” was possible: instead of the usual direction, in which an attacker targets an exposed RDP server, a malicious RDP server attacks the client that connects to it, running code on the client without the user’s consent. Check Point tested Microsoft’s official client (Remote Desktop Connection itself) as well as the open-source clients rdesktop and FreeRDP. In rdesktop and FreeRDP it found memory-corruption bugs; in Microsoft’s client it found a path-traversal flaw in the clipboard-sharing feature, which lets the server choose where on the client a pasted file is written, for example into the Startup folder, where it runs at the next logon. The flaw is in the client’s handling of the file paths it receives, not in the protocol as such. Microsoft officially fixed it, but not really: Check Point found a trivial way around the patch (forward slashes in place of backslashes) and could once again write files to arbitrary locations on the client.
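The bypass described above comes down to a separator-handling mistake in a containment check. The following added example (written for this page, not code from Check Point or Microsoft) models it in Python: `canonicalize_backslash_only` and `flawed_is_safe` are a toy stand-in for a canonicalizer that only understands `\`, `effective_path` shows where the Windows file system would actually put the file (NTFS accepts both separators), and `hardened_is_safe` is the check a client should do instead. The drop directory `BASE` and the file names are constructed inputs; the real Win32 routine involved, `PathCchCanonicalize`, is not used here because the point is the logic, not the API.

```python
import ntpath

# Constructed example: a hypothetical client-side drop directory into which
# file names chosen by the RDP server are written during a clipboard paste.
BASE = r"C:\Users\victim\AppData\Local\Temp\tmp"

# Constructed attacker-chosen names. Both point at a Startup folder two levels
# up; only the separator differs.
STARTUP_NAME_BACKSLASH = r"..\..\Startup\evil.exe"
STARTUP_NAME_SLASH = "../../Startup/evil.exe"


def canonicalize_backslash_only(path: str) -> str:
    """Toy model of a canonicalizer that treats only '\\' as a separator.

    '..' segments delimited by backslashes are collapsed, but a forward slash
    is not recognised, so '../../Startup/evil.exe' survives as one ordinary
    file-name component. This is the weakness Check Point described, not
    Microsoft's actual implementation.
    """
    parts = []
    for segment in path.split("\\"):
        if segment == "..":
            if parts:
                parts.pop()
        elif segment not in ("", "."):
            parts.append(segment)
    return "\\".join(parts)


def flawed_is_safe(base: str, name: str) -> bool:
    """Containment check modelled on the bypassed fix: canonicalize, then
    require the result to still sit under the drop directory."""
    canonical = canonicalize_backslash_only(base + "\\" + name)
    return canonical == base or canonical.startswith(base + "\\")


def effective_path(base: str, name: str) -> str:
    """Where the Windows file system would really put the file.

    ntpath.normpath treats '/' and '\\' alike, as NTFS path parsing does, so
    this is the path an attacker cares about, whatever the check thought.
    """
    return ntpath.normpath(ntpath.join(base, name))


def hardened_is_safe(base: str, name: str) -> bool:
    """Hardened check: reject names that are absolute, drive-relative or UNC,
    resolve with a separator-aware normalizer, then confirm containment with a
    prefix test that includes the trailing separator (so 'tmp_other' is not
    mistaken for a child of 'tmp')."""
    if not name or name[0] in "/\\" or ntpath.splitdrive(name)[0]:
        return False
    base_norm = ntpath.normpath(base)
    target = effective_path(base_norm, name)
    return target == base_norm or target.startswith(base_norm + "\\")


def demo():
    """Return (name, flawed verdict, hardened verdict, real target) rows."""
    rows = []
    for name in ("report.docx", STARTUP_NAME_BACKSLASH, STARTUP_NAME_SLASH):
        rows.append((name,
                     flawed_is_safe(BASE, name),
                     hardened_is_safe(BASE, name),
                     effective_path(BASE, name)))
    return rows


if __name__ == "__main__":
    for name, flawed, hardened, target in demo():
        print(f"{name!r:32} flawed={flawed!s:5} hardened={hardened!s:5} -> {target}")
```

Running it shows the backslash variant being rejected by both checks, while the forward-slash variant passes the flawed check yet resolves to the Startup folder; the hardened check rejects it because it normalises both separators before comparing.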
What to do to avoid risk
Since the underlying problem is still there, Check Point does not miss the chance to point out that “It’s a mystery that such a simple bypass went unnoticed for so many years in the process of sanitizing Microsoft’s core.” The firm’s advice is to install Microsoft’s updates, which close the hole in the RDP client at least. Beyond that, a practitioner should treat any RDP server they do not control as hostile, and should disable clipboard redirection for such connections (untick “Clipboard” under Local Resources in Remote Desktop Connection, or set `redirectclipboard:i:0` in the .rdp file), since that is the channel the attack uses. Check Point also asks the developers of the individual clients to harden their own path handling, rather than wait for Microsoft to fix the shared canonicalization function properly.