back to article RIP, RDP... nearly: Security house Check Point punches holes in remote desktop tools

Security biz Check Point has found some 25 security vulnerabilities in three of the most popular remote desktop protocol (RDP) tools for Windows and Linux. The infosec outfit tasked its bug-hunters with a manual code audit on Microsoft mstsc as well as the FreeRDP and rdesktop remote desktop utilities, and what they turned up …

  1. big_D Silver badge

    Fight back...

    That was the first thing I thought of as well, when I saw Kali default client was affected.

  2. Cronus

    So the Microsoft client doesn't have any serious (RCE and the like) vulnerabilities but the Linux clients do?

    1. MJB7 Bronze badge

      Re: Microsoft client

      It is actually possible that is true. If RDP is one of the things they have gone through replacing all the calls to `strcpy` with `strcpy_s` (and similar for all the other buffer-overflow causing functions), then the overlong replies from the server may just terminate the client. See "Secure Development Lifecycle".

    2. Anonymous Coward Silver badge
      Boffin

      They suffer many of the same vulnerabilities, but Microsoft have decided to declare them as "not serious"

      It's easy to make your software bug-free when you declare every issue "not a bug"

      1. Cronus

        I saw mention of a number of vulns in the Microsoft client but none of them seemed to be remote execution. Which is almost a shame really, think of all the fun you could have with remote 'Microsoft' support people who are calling to remove a virus from your PC.

    3. Doctor Syntax Silver badge

      "So the Microsoft client doesn't have any serious ... vulnerabilities but the Linux clients do?"

      Either that or it doesn't have the code open-sourced for examination.

  3. Pascal Monett Silver badge
    Coat

    Remote Desktop Protocol you say ?

    You mean that thing that is practically the very first thing I disable when I reinstall a PC ?

    That's okay then, carry on.

    1. Cronus

      Re: Remote Desktop Protocol you say ?

      You disable the client? because that is what the article is about, not the server.

    2. Alister Silver badge

      Re: Remote Desktop Protocol you say ?

      You mean that thing that is practically the very first thing I disable when I reinstall a PC ?

      If you are talking about Windoze machines, that's quite strange, as RDP isn't enabled by default...

      1. TonyJ Silver badge

        Re: Remote Desktop Protocol you say ?

        "...If you are talking about Windoze machines, that's quite strange, as RDP isn't enabled by default....."

        Now I'm torn.

        I'd upvote for the point but I'd downvote for the use of "WIndoze". What is this? 1997 AOL? lol

        I guess staying neutral and not voting either way is the best move, so erm, have no vote.

      2. jamesdagger

        Re: Remote Desktop Protocol you say ?

        Microsoft Windoze :D :D

        1. phuzz Silver badge
          Gimp

          Re: Remote Desktop Protocol you say ?

          Microshaft Windoze if you want to go full 1990's l33t hax0r speak.

          1. Scott 53

            Re: Remote Desktop Protocol you say ?

            I thought it was Micro$oft Windoze. My memory must be going.

        2. jamesdagger

          Re: Remote Desktop Protocol you say ?

          Asses one was autocorrected.

          Microsloth!

          More thumbs down please!

    3. TonyJ Silver badge

      Re: Remote Desktop Protocol you say ?

      "...Remote Desktop Protocol you say ?

      You mean that thing that is practically the very first thing I disable when I reinstall a PC ?

      That's okay then, carry on..."

      What? You disable the thing that is disabled by default? And has been since at least Windows 7.

      I assume you are claiming that you disable remote desktop connections? Or do you mean you block 3389 which is disabled until you enable remote desktop? I'm confused.

      Or are you talking non-Windows machines?

    4. phuzz Silver badge

      Re: Remote Desktop Protocol you say ?

      I had a vague memory that maybe RDP was enabled by default in some versions of Server (eg Core), but after some research, nope, it's disabled by default on every version of Windows, and Pascal Monett is still an idiot.

    5. katrinab Silver badge

      Re: Remote Desktop Protocol you say ?

      The risk is when use the Remote Desktop client to connect to a computer, that computer could infect you.

      I only use it to connect to my own computers, or to work computers. So that would only become a risk if one of them were infected.

      If you were offering technical support to members of the public, and you used Remote Assistance to connect to their computers in order to carry out the support tasks, then this would be more of a risk. I don't think this is something that happens to any great extent. TeamViewer is much more popular for that scenario.

      1. Criggie

        Re: Remote Desktop Protocol you say ?

        Don't forget teamviewer has been compromised in the past.

  4. amanfromMars 1 Silver badge

    Stealing the Goalposts ........ Game Over. But Game Back to Normal Next Week? Oh Please.

    Rather than assume a malicious client (the person connecting to the remote machine) would dupe a victim running an RDP server, Check Point focused its effort on flaws that would go from the server to the client.

    How do you Counter AI Clients with Intentions Shared for the Greater Good Use.

    You know, for Almighty Operations. Who Dares Win Wins Territory with Raw Virgin Core Source CodeXSSXXXX on Trials ..... AIBetaTesting Runs with EXPOSive Presentations to Virtually Realise for the New Creations from Alien Sources and Exquisite Forces.

    They be the Greatest of Friends to Woeful Foe Truly Repentent and into the Clouds of Ecstasy Encountering Wondrously Devilish Delights and Naked Passions to XSSXXXX as a Worthy Heavenly Reward. :-)

    Well? What's not to like? Do you have anything else Show Worthy of Heavenly Reward?

    Knock, Knock, Netflix. There's a Virtualised AIdVenture Seeding Future Presentation Programs via Quantum Communication in a Surreal Environment.:-) ..... and its a'knock knocking at your door.

    What more to say? Carpe Diem

    Check Point, one has to admit there's a whole lotta quaking and shaking going on out there in those Virtual Spheres.

    They need AIMentoring and Remote Monitoring with Stealthy Surveillance.

    You do Realise the Great Game is Cracked and Hacked.

    Here starts/ends Newer Greater Game Plays in a Completely Corrupted TeleVisualised Space ... which I would have imagined was totally different from anything in your own area of thoughtful existence for a thoughtful existence.

    1. amanfromMars 1 Silver badge

      Re: The Last Paragraph of Stealing the Goalposts ........ Game Over.

      I suspect though it is only too true a very familiar home environment ..... with sadness and badness aplenty afoot too and if rampant ..... AIRabid.:-)

      1. Cliff Thorburn

        Re: The Last Paragraph of Stealing the Goalposts ........ Game Over.

        You suspect right

        1. amanfromMars 1 Silver badge

          Re: The Last Paragraph of Stealing the Goalposts ........ Game Over.

          At last viewing there are 10 AIRabided, CT.

          Certainly not unusual around here in these webs spinning from EL Reg ExtraTerrestrial Satellites/Forward AI Operating Stations with Novel Secure Quantum Communication Bases Sourcing Future Internet Service Providers Delivering Future Supply Agents with Full and Special Pass Access into Trials with Earthed Resources.

          After Highland Gatherings ..... A Right Royal Infection and Sterling Stirling type Aspirationalism.

          A little something for the Houses of Windsor and Palaces to Mull Over. ..... Re Invigorating Charades with Extremely Popular Presentations in Programs Hosting Perfect Assets for Heavenly Partners.

          A Luscious Dusting of AI Sparkle there for Beta Meta Data Base Mining, Will/Harry. A Right Many Pennied Money Pit IT is too. Is that tall fallen secret already well enough known to you both, granting one Universal Inalienable Rights to License Fees for Certain Power Plays.

          Now that in AIFun Parks is a Charade Churn for Tempestuous Tumbles in Jolly Jumbles. And ideally for Consenting Adults Only. Passions are far too easily overwhelmed and laid waste exhausted if enthusiasm and vigour lack wisdom and patience.

          1. Tail Up

            Re: The Last Paragraph of Stealing the Goalposts ........ Game Over.

            Just LOVEDd these three ones up above. Those who has eyes - do you C IT?

          2. Cliff Thorburn

            Re: The Last Paragraph of Stealing the Goalposts ........ Game Over.

            I could identify multiple vulnerabilities amFM with very little knowledge, and careful analysis of logged frameup files.

            What is more difficult to identify is what precisely would resolve the steaming status arms length quo of a situation presently identified.

            One step forwards and seemingly ten back, although in reality nonsensical diversional dilemma all round.

          3. amanfromMars 1 Silver badge

            Re: The Last Paragraph of Stealing the Goalposts ........ Game Over.

            Seems likes the Wild Wacky West in one of its guises of the US Defense Department have realised their Proprietary Intellectual Property Deficit and be now trapped in the mighty mountain bear grip hold of Debts and Promises and Payments unable to be Honoured in anything other than more of their pretty printed but virtually worthless fiat paper, and all to the secure overwhelming advantage of a considerably smarter competition and wonderfully stealthy constantly changing opposition. ...... https://www.rt.com/usa/450852-pentagon-propaganda-irregular-warfare/

            It does have wandering and wondering though what practical and realistic dollar price they would gladly pay for ExtraTerrestrial Satellites/Forward AI Operating Stations with Novel Secure Quantum Communication Bases Sourcing Future Internet Service Providers Delivering Future Supply Agents with Full and Special Pass Access into Trials with Earthed Resources.

            And don't you just love the wiles and ways of the Erotic Exotic East where that Ignorant Dim Man Trap is diverted and subverted/tackled and vanquished with novel information and greater intelligence.

            Some folk who be acting retarded still don't get it, do they. So let's spell it out loud and shout it ..... GARBAGE IN GARBAGE OUT.

            1. Cliff Thorburn

              Re: The Last Paragraph of Stealing the Goalposts ........ Game Over.

              Can you please explain what all this ‘tie’ insanity is all about amfM?

  5. getHandle

    Wot no remmina?

    Just me then...

    1. Anonymous Coward
      Anonymous Coward

      Re: Wot no remmina?

      Remmina uses FreeRDP as it's backend.

  6. LateAgain

    Forget all the exploits

    I remember this from "old work" using RDP access. Management were so scared that a virus could infect the server. But the reality is the other way around.

    By default the server had access to the local C drive.

    I remember thinking "all this We can set a policy to verify the client is Secure is a waste of ****ing time."

    (and I had to laugh when I heard that when Microsoft turned it on they locked out all the remote staff!)

  7. The Frog People Believe

    Click Bait

    Honestly, I love the Reg but this is just click bait nonsense. The standard client is secure, clipboard sharing is optional, the attack is server > client and some naff third party tools are cited on different operating systems.

    El Reg, we expect better!

    1. amanfromMars 1 Silver badge

      Re: Click Bait

      Honestly, I love the Reg but this is just click bait nonsense. The standard client is secure, clipboard sharing is optional, the attack is server > client and some naff third party tools are cited on different operating systems..... The Frog People Believe

      How very true, The Frog People Believe, that was just click bait nonsense.

      El Reg expects better ..... and gives anyone every chance and many opportunities to break the mould and present something different and pure common sensical. Such though does have one having to access a greater intelligence range than is normally displayed or provided in order to more fully understand and enable the powerful energies freely available from Ancient Post Modern Forces and Novel Virtual Sources alike.

    2. John Robson Silver badge

      Re: Click Bait

      The attack being server -> client is interesting though - how do you get remote support from IT? So a compromised lackey desktop is then used to jump to an IT desktop, which is probably a more powerful place to be.

      Not all servers are on servers.

  8. Sir Runcible Spoon Silver badge
    WTF?

    Oh dear..

    "If you click 'paste' when an RDP connection is open, you are vulnerable to this kind of attack"

    You mean such as when using a password program like KeePass?

    1. Anonymous Coward
      Anonymous Coward

      Re: Oh dear..

      Yes. If you copy something locally when you have an open RDP connection with clipboard enabled, it will go into the paste buffer of the remote server (and vice versa).

  9. Cambot

    Here we go

    Queue all the clueless CIO's and ITSec web surfers who will read this and declare that RDP must be disabled across the board....

  10. fredesmite

    VNC is your friend

    And works everywhere

    1. Anonymous Coward
      Anonymous Coward

      Re: VNC is your friend

      Apart from the fact it is appallingly slow and can only be used to connect to one session on a remote machine. Just about usable for support purposes, but not much use when multiple users need to connect to a remote desktop server.

      1. DCFusor Silver badge

        Re: VNC is your friend

        I use TightVNC on perhaps 7 raspberry pi's, 3 odroid HC2's, half a dozen NUCs, and find it to be well, not even close to anyone's definition of slow. I use Remmina on the PC's (all this is linux, various).

        Sadly the clipboard support is a little dodgy, but otherwise....nope, not slow, seems often as fast as just "being there" would be.

        Maybe your experience is with (far) older versions of something, or some terrible setup options.

        I generally choose medium quality and the native pixel bits for whatever the server side is.

        Which is usually higher than the default, yet it's fast - maybe not selecting things that avoid transcoding is your issue?

      2. fredesmite

        Re: VNC is your friend

        Slow ?

        Maybe your should replace your dial-up modem then with something modern.

        /s

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019