Do you still remember the reverse RDP attack? Microsoft has now released an update to fix this problem because it also affects Hyper-V. Read this post to learn more. In addition, MiniTool Partition Wizard can help you rescue data after a virus attack.
The Reverse RDP Attack
Do you remember the reverse RDP attack flaw disclosed earlier this year? This flaw is also known as the “Poisoned RDP vulnerability” and is related to clipboard hijacking and path-traversal issues in the RDP client built into Microsoft Windows. It could allow a malicious RDP server to compromise a client computer, reversing the usual direction of attack.
When researchers reported this path-traversal issue to Microsoft, the company acknowledged the issue but decided not to address it.
However, after Eyal Itkin, a security researcher at Check Point, found the same issue affecting Microsoft’s Hyper-V technology as well, Microsoft silently patched this vulnerability (CVE-2019-0887) in its July Patch Tuesday updates.
The Reverse RDP Attack Flaw in Hyper-V
Microsoft’s Hyper-V is a virtualization technology built into the Windows operating system that enables users to run multiple operating systems at the same time as virtual machines. Microsoft’s Azure cloud service also uses Hyper-V for server virtualization.
Hyper-V comes with a graphical user interface similar to other virtualization technologies, which allows users to manage their local and remote virtual machines (VMs).
However, the Enhanced Session Mode in Microsoft’s Hyper-V Manager secretly uses the same implementation as Windows Remote Desktop Services to let the host machine connect to a guest virtual machine and share synchronized resources such as clipboard data.
RDP is used behind the scenes as the control plane for Hyper-V. Instead of re-implementing screen sharing, the remote keyboard, and the synchronized clipboard, Microsoft implemented all of these features as part of RDP.
This means that Hyper-V Manager inherits all the security vulnerabilities of Windows RDP, including the clipboard hijacking and path-traversal vulnerabilities that could lead to a guest-to-host VM escape attack.
These vulnerabilities could allow a malicious or compromised guest machine to trick the host user into unknowingly saving a malicious file in the Windows startup folder, where it is executed automatically every time the system boots.
With these vulnerabilities, attackers can effectively break out of a Virtual Machine and reach the hosting machine, virtually breaking the strongest security mitigation provided by the virtualization environment.
Besides this, these vulnerabilities can also result in a path-traversal on the client’s machine through the shared clipboard, which allows a user to copy a group of files from one computer and paste the files in another computer.
If the shared clipboard receives crafted file-transfer clipboard content sent by a malicious RDP server, and the client fails to properly canonicalize and sanitize the file paths it receives, the malicious RDP server can drop arbitrary files in arbitrary paths on the client machine.
An attacker who successfully exploits this vulnerability could even execute arbitrary code on the victim system. The attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Because of these severe security problems, and unlike its earlier response, Microsoft decided to patch the vulnerability immediately after the researchers disclosed the flaw’s impact on Hyper-V. This vulnerability is now identified as CVE-2019-0887 and Microsoft has released an update to fix this problem.
The researchers tested and confirmed the patch for the path-traversal vulnerability and strongly recommended that all users install the security patch so that RDP connections as well as the Hyper-V environment are protected.
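The canonicalize-then-check step that the client was missing can be illustrated as follows. This is an added example, not code from the original article and not Microsoft's patch; the helper names `resolve_paste_target` and `filter_file_list`, the paste folder and the sample file names are all hypothetical and constructed for the illustration.

```python
import ntpath  # Windows path rules on any OS, so this runs offline

def resolve_paste_target(dest_dir, received_name):
    """Canonical destination for one received file name (hypothetical helper).

    Raises ValueError when the name would resolve outside dest_dir.
    """
    name = received_name.replace("/", "\\")  # Windows accepts both separators
    drive, tail = ntpath.splitdrive(name)
    if drive or tail.startswith("\\"):
        # Drive letters, UNC shares and rooted paths ignore the paste folder.
        raise ValueError("absolute path: %r" % received_name)
    base = ntpath.normpath(dest_dir)
    # Canonicalize first ("." and ".." collapsed), then compare.
    candidate = ntpath.normpath(ntpath.join(base, name))
    try:
        common = ntpath.commonpath([base, candidate])
    except ValueError:  # different drives or absolute/relative mix
        common = ""
    if common.lower() != base.lower() or candidate.lower() == base.lower():
        raise ValueError("escapes paste folder: %r" % received_name)
    return candidate

def filter_file_list(dest_dir, names):
    """Split a received file list into safe targets and rejected names."""
    accepted, rejected = [], []
    for n in names:
        try:
            accepted.append(resolve_paste_target(dest_dir, n))
        except ValueError:
            rejected.append(n)
    return accepted, rejected

# Constructed sample data, not taken from a real capture.
DEST = "C:\\Users\\alice\\Desktop"
SAMPLE = [
    "report.docx",
    "photos\\a.jpg",
    "..\\..\\elsewhere\\dropped.bin",
    "photos/../../x.txt",
    "..\\Desktop2\\y.txt",
    "D:\\z.txt",
    "\\\\host\\share\\w.txt",
]

if __name__ == "__main__":
    ok, bad = filter_file_list(DEST, SAMPLE)
    print("accepted:", ok)
    print("rejected:", bad)
```

The comparison is made component by component on the resolved path, which is why the sibling folder `Desktop2` is rejected even though its name starts with the same characters as the paste folder.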