I’m gonna call this issue Seven Monkeys as there are 7 new RDP vulnerabilities and I like monkeys. Updating the thread as I get through them.
By the way, this looks like it is much more serious than BlueKeep as there’s so many different issues. Do not disable NLA.
Thread updated, mitigations next step. RemoteFX, RDP8+ are fun.
Microsoft say two of the vulns are wormable: https://msrc-blog.microsoft.com/2019/08/13/patch-new-wormable-vulnerabilities-in-remote-desktop-services-cve-2019-1181-1182/
I’d say 3 of the vulnerabilities are wormable, unless I’m missing something (as CVE-2019-1226).
Anyhoo, my message is keep calm and patch. I’ve updated the thread to say no known exploits etc. The usual race between patching and patch reversing has begun; y’all can win that race.
Kevin Beaumont retweeted Michael W. Norris (https://twitter.com/norrismw/status/1161359642972360705?s=21), adding:
Goddamn, this is a good name.
Damn right, I renamed it to the funnier name. pic.twitter.com/TjlU4BMEIK
I think it’s possible several of the vulns are remotely exploitable pre-auth with NLA enabled, as it appears that Windows processes RemoteFX in RDP8+ over UDP packets w/o authentication.
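The two configuration points the thread keeps coming back to are "do not disable NLA" and the RDP 8+ UDP transport that RemoteFX rides on. The following PowerShell audit is an added example, not code from the thread or from any of its participants: it reads the NLA requirement and the RDP transport policy from the registry and checks whether anything is bound to UDP 3389 on the host. The registry paths, value names and value meanings (UserAuthentication, SelectTransport, and the 0/1/2 mapping for the "Select RDP transport protocols" policy) are assumptions drawn from Windows documentation and are not stated anywhere in the thread; verify them against your own build before relying on the output.

```powershell
# Added example (not from the thread): audit an RDP host for NLA and UDP transport.
# Assumed registry locations and meanings, not stated in the thread:
#   RDP-Tcp\UserAuthentication = 1  -> Network Level Authentication required
#   Terminal Services\SelectTransport  (set by "Select RDP transport protocols")
#       absent or 0 -> UDP and TCP, 1 -> TCP only, 2 -> either UDP or TCP
# Run elevated on the RDP host being audited.

$rdpTcp   = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
$tsPolicy = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'

# --- NLA: this is the setting the thread says not to turn off -------------
$nla = (Get-ItemProperty -Path $rdpTcp -Name UserAuthentication -ErrorAction SilentlyContinue).UserAuthentication
if ($nla -eq 1) {
    Write-Output 'NLA: required (UserAuthentication=1). Leave it that way.'
} else {
    Write-Warning "NLA: NOT required (UserAuthentication=$nla). To re-enable:"
    Write-Output  "  Set-ItemProperty -Path '$rdpTcp' -Name UserAuthentication -Value 1"
}

# --- UDP transport policy: RDP 8+ / RemoteFX can use UDP 3389 -------------
$transport = (Get-ItemProperty -Path $tsPolicy -Name SelectTransport -ErrorAction SilentlyContinue).SelectTransport
if ($null -eq $transport) {
    Write-Output 'RDP transport policy: not configured (default permits UDP alongside TCP).'
} elseif ($transport -eq 1) {
    Write-Output 'RDP transport policy: TCP only (SelectTransport=1), UDP transport disabled.'
} else {
    Write-Output "RDP transport policy: SelectTransport=$transport (UDP permitted)."
}

# --- Ground truth: is anything actually bound to UDP 3389 right now? --------
# Policy may say one thing and the live socket table another, so check both.
$udpEndpoints = Get-NetUDPEndpoint -LocalPort 3389 -ErrorAction SilentlyContinue
if ($udpEndpoints) {
    $pids = ($udpEndpoints.OwningProcess | Sort-Object -Unique) -join ', '
    Write-Output "UDP 3389: bound by PID(s) $pids (UDP RDP transport is live)."
} else {
    Write-Output 'UDP 3389: nothing listening.'
}
```

Read the NLA result first: NLA being required is a precondition for the mitigations the thread discusses, and the thread’s point is that even with NLA on, the UDP path may be reachable pre-auth, so the last check tells you whether that path is actually open on this host rather than what policy claims.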
When I was looking into attack vectors for malicious thumb drives, RemoteFX USB device sharing was only available *after* authentication in my testing. At least according to the GUI, and for the USB device sharing part of RemoteFX. pic.twitter.com/MAOfiZ2bHd
Replying to @wdormann @GossiTheDog
The more fun vector might be for PID cards. Those have to attach pre-auth.