
Preempt Researchers Find Critical Vulnerability that Exploits Authentication in Microsoft Remote Desktop Protocol (MS-RDP)
Tuesday, March 13, 2018

CredSSP Flaw Allows Attackers to Exploit Remote Desktop and Windows Remote Management, Affecting All Windows Versions To-Date

SAN FRANCISCO, March 13, 2018 /PRNewswire/ -- Preempt, a leader in adaptive threat prevention that helps enterprises eliminate insider threats and security breaches, today announced that its research team found a critical Microsoft vulnerability consisting of a logical flaw in the Credential Security Support Provider protocol (CredSSP), which is used by Remote Desktop and WinRM in the authentication process. CredSSP is responsible for securely forwarding credentials to the target server. Researchers found that an attacker with man-in-the-middle control over the session can abuse it to remotely run code on the compromised server on behalf of a user.

With remote desktops being the most popular application to perform remote logins, this vulnerability is of extreme concern. It could leave enterprises vulnerable to a variety of threats from attackers, including lateral movement and infection on critical servers or domain controllers. The vulnerability affects all Windows versions to date (starting with Windows Vista).

"This vulnerability is a big deal, and while no attacks have been detected in the wild, there are a few real-world situations where attacks can occur," said Roman Blachman, CTO and co-founder at Preempt. "Ensuring that your workstations are patched is the logical, first step to preventing this threat. It's important for organizations to use real-time threat response solutions to mitigate these types of threats."

With this vulnerability, organizations are susceptible to an attack mounted with simple Wi-Fi or physical access. If an attacker has such access, they can launch a man-in-the-middle attack. Other routes, such as Address Resolution Protocol (ARP) poisoning and attacking sensitive servers through vulnerable routers and switches, also enable the attack.

Organizations can protect themselves from this vulnerability in a few ways:

    --  Preempt customers have been protected from this flaw through
        in-depth defense with both alerting and real-time prevention when
        vulnerabilities, such as the CredSSP flaw, are exploited in the network.
    --  Make sure that workstations and servers are properly patched. This is a
        basic requirement. However, it is important to note that patching alone
        is not enough, as IT professionals will also need to make a configuration
        change to apply the patch and be protected.
    --  As with many previous exploits, blocking the relevant application ports
        (RDP, DCE/RPC) would also thwart the attack. However, note that this
        attack could be implemented in different ways, even using different
        protocols.
    --  Reduce privileged account usage as much as possible and use
        non-privileged accounts whenever applicable.
    --  For more details on how organizations can protect themselves, read this
        blog: Security Advisory: Critical Vulnerability in CredSSP Allows Remote
        Code Execution on Servers (CVE-2018-0886)

As of March 13, 2018, Microsoft has issued a CVE-2018-0886 patch per Preempt's responsible disclosure of the CredSSP vulnerability.

Additional Resources

    --  Overview blog of CredSSP issues and steps to protect your organization
    --  Technical blog on how Preempt researchers were able to exploit MS-RDP
    --  Video demonstration of the CredSSP exploit

About Preempt
Preempt protects organizations by eliminating insider threats and security breaches. Threats are not black or white and the Preempt Platform is the only solution that delivers adaptive threat prevention that continuously preempts threats based on identity, behavior and risk. This ensures that both security threats and risky employee activities are responded to with the right level of security at the right time. The platform easily scales to provide comprehensive identity based protection across organizations of any size. The company is headquartered in San Francisco, CA. Learn more about us at

For further information, please contact:
Jacqueline Velasco
Lumina Communications for Preempt
T: 408-680-0564

SOURCE Preempt
