Do you still remember the reverse RDP attack? Now, Microsoft has released an update to fix this problem because it affects Hyper-V. Read this post to know more. In addition, with MiniTool Partition Wizard, you can rescue data from virus attack.
The Reverse RDP Attack
Do you remember the reverse RDP attack flaw disclosed earlier this year? This flaw is also known as "Poisoned RDP vulnerability" and is related to clipboard hijacking and path-traversal issues in Microsoft's Windows built-in RDP client. It could allow a malicious RDP server to compromise a client computer, reversely.
At the time when researchers reported this path-traversal issue to Microsoft, the company acknowledged the issue but decided not to address it.
However, after Eyal Itkin, the security researcher at CheckPoint, found the same issue affecting Microsoft's Hyper-V technology as well, Microsoft silently patched this vulnerability (CVE-2019-0887) in its July Patch Tuesday updates.
The Reverse RDP Attack Flaw in Hyper-V
Microsoft's Hyper-V is a virtualization technology built in Windows operating system, enabling users to run multiple operating systems at the same time as virtual machines. In addition, Microsoft's Azure cloud service also uses Hyper-V for server virtualization.
You can enlarge the hard disk of virtual machine if you set the disk to be so small at the beginning of creating virtual machine, and here are detailed steps.
Hyper-V comes with a graphical user interface similar to other virtualization technologies, which allows users to manage their local and remote virtual machines (VMs).
However, the Enhanced Session Mode in Microsoft's Hyper-V Manager secretly uses the same implementation as that of Windows Remote Desktop Services, making the host machine connect to a guest virtual machine and share synchronized resources like clipboard data.
The RDP is used behind the scenes as the control plane for Hyper-V. Instead of re-implementing the screen-sharing, the remote keyboard, and the synchronized clipboard, Microsoft made all of these features implemented as part of RDP.
This means that the Hyper-V Manager will eventually inherit all the security vulnerabilities of Windows RDP, including the clipboard hijacking and path-traversal vulnerabilities that could lead to guest-to-host VM escape attack.
These vulnerabilities could allow a malicious or a compromised guest machine to trick the host user into unknowingly saving a malicious file in the Windows startup folder, which will automatically get executed every time the system boots.
With these vulnerabilities, attackers can effectively break out of a Virtual Machine and reach the hosting machine, virtually breaking the strongest security mitigation provided by the virtualization environment.
How to use Windows 10 as a virtual machine? This post takes VirtualBox and VMware Workstation for example to show the detailed steps and gives some useful tips.
Besides this, these vulnerabilities can also result in a path-traversal on the client's machine through the shared clipboard, which allows a user to copy a group of files from one computer and paste the files in another computer.
If the shared clipboard receives a crafted file transfer clipboard content sent by a malicious RDP server, and the client fails to properly canonicalize and sanitize the file paths it receives, the malicious RDP server can drop arbitrary files in arbitrary paths on the client machine.
The attacker who successfully exploited this vulnerability could even execute arbitrary code on the victim system. He could then install programs; view, change, or delete data; or create new accounts with full user rights.
Do you know how to make hard drive recovery? This article will show you how to make hard drive recovery including data recovery and partition recovery.
Based on these severe security problems, unlike previously, this time, Microsoft decided to patch the vulnerability immediately after the researchers disclosed this flaw's influence on Hyper-V. This vulnerability is now identified as CVE-2019-0887 and Microsoft has released an update to fix this problem.
The researchers tested and confirmed the patch for the Path-Traversal vulnerability and strongly recommended all users to install the security patch so that the RDP connections as well as the Hyper-V environment can be well protected.