CyberArk researchers discovered a Windows Remote Desktop Protocol (RDP) vulnerability tracked as CVE-2022-21893. Simply put, they point out that “This vulnerability enables any standard unprivileged user connected to a remote machine via remote desktop to gain file system access to the client machines of other connected users, to view and modify clipboard data of other connected users, and to impersonate the identity of other users logged on to the machine using smart cards. This could lead to data privacy issues, lateral movement and privilege escalation.” They say that all current versions of Windows have this vulnerability, which dates back to Windows Server 2012 R2, so the assumption is that most Windows versions, both client and server editions, are susceptible. CyberArk reported the vulnerability to Microsoft, which has released a fix in the latest security update.

Expert Comments

January 14, 2022
Nasser Fattah
Executive Advisor
Shared Assessments


RDP attacks have been around since the introduction of RDP. This protocol, like most old protocols running on Windows computers, was primarily designed for functionality without security in mind. Hence, it is a protocol that will require ongoing patching because of newly discovered vulnerabilities. Here it is very important to know if you have RDP exposed on the Internet because it is a highly scanned port by threat actors to exploit.

This is vulnerability management 101. Shodan and other comparable search/scan engines that are readily accessible continue to show many systems on the Internet running RDP.

January 14, 2022
Garret F. Grajek
CEO
YouAttest


This Windows pipe service attack (TSVCPIPE) is conducting the standard attack sequence hackers take after scanning and enumerating our systems. This attack allows the hackers to become an identity on the machine that has advanced privileges and thus enables the attacker to reach their objective: persistence, lateral movement, and exfiltration. The enterprise needs to have triggers on anomalous traffic, safeguards that impede lateral movement (zero trust) and detection and reviews of identities to detect privilege escalation.
