Researchers have identified new attack vectors which leverage the RDP drive sharing feature to perform fileless attacks and plant malware. A standard feature of the Microsoft RDP implementation is the ability to share a drive from the client machine. This appears as a network share to the server device at \\tsclient. An attacker who wasRead more
Blog
Bluekeep is serious vulnerability in the RDP protocol affecting Windows systems. After months of waiting, active exploits have now been spotted in the wild for the first time, attempting to install cryptomining malware on the vulnerable systems. Security researcher Kevin Beaumont has been running a network of honeypots in an attempt to capture Bluekeep malware inRead more
Recent research from Sophos highlights your public RDP server as the primary attack vector against your data centre. During April and May 2019, Sophos deployed 10 standard out-of-the-box configured Windows 2019 servers into AWS data centres around the world. By default, Windows 2019 has RDP enabled. They configured each server with uncrackably long passwords andRead more
Microsoft included a fix for a serious RDP remote code execution vulnerability known as BlueKeep in the May patch Tuesday update. The vulnerability, which has become known as BlueKeep or CVE-2019-0708, remains unpatched on millions of internet connected systems. It affects all Windows-NT based operating systems ranging from Windows 2000 and Windows XP up toRead more
The Remote Desktop Protocol (RDP) is a favoured tool for many systems administrators, as it allows a connection to be made to another computer on your network and see the screen and use the mouse and keyboard as if you were physically sat in front of it. This means that for many, if not most,Read more
