Recent research by ethical hacking specialists from Check Point Research revealed the existence of dozens of vulnerabilities in a commonly used protocol in Microsoft Azure. These flaws expose Microsoft cloud users to multiple cyberattacks.
During their presentation at the Black Hat cybersecurity conference, experts noted that flaws in the Remote Desktop Protocol (RDP), which is used to access remote Windows machines, could be exploited to execute arbitrary code on the target system. By doing this, threat actors could view, modify, and even delete data or create new, high-privileged accounts.
Earlier this year, the firm revealed the existence of 25 vulnerabilities in the RDP protocol that could have been exploited to compromise a machine. The reported flaws affected various RDP clients, including the open source FreeRDP and rdesktop (included in Kali Linux distributions) and the Windows mstsc.exe client.
“Once a direct channel is established back to the target machine, hackers could do virtually anything on the victim’s system,” says one of the ethical hacking experts responsible for the
According to ethical hacking experts, these vulnerabilities also open the door to more far-reaching attacks against customers on the Azure cloud platform. According to the latest findings, Microsoft’s Hyper-V, used for managing virtual machines in remote locations, is also vulnerable to these flaws. “Any user connected to the cloud with a Windows machine, or using Hyper-V virtual machines, is exposed to exploitation of these vulnerabilities,” the experts report.
Experts report that by abusing the “copy and paste” function during an RDP connection, a malicious server could arbitrarily place files in default locations on the client’s computer, a situation that exposes the victim to all kinds of malicious activities.
“Computer systems are as strong as their weakest link; by relying on other software libraries, these implementations inherit all vulnerabilities in widely-used protocols, such as RDP,” the
According to ethical hacking specialists from the International Institute of Cyber Security (IICS), approximately 57% of the largest U.S. companies use Microsoft Azure, and as if that were not enough, it is estimated that about 45.8% of all computers around the world use Windows 10, so the scope of this vulnerability is huge.
On the other hand, the company released a security update last July, inviting customers to install the fixes or, failing that, verify that automatic updates are enabled to ensure their protection. “We try to raise awareness among our customers to mitigate the risk of exploitation of these bugs.”