Beware Of The Critical Windows Worm Hole, Alerts Microsoft
@smriti-ZtAJsx
Oct 9, 2024
Important announcement for MS Windows administrators: Microsoft has discovered a remote, pre-authentication, network-accessible code execution vulnerability in the implementation of the RDP protocol. Administrators are advised to apply the new and vital #-Link-Snipped-# update as soon as possible.
The vulnerability lies in the way the RDP protocol accesses an object in memory that has been improperly initialized or has been deleted. An attacker who finds this vulnerability and successfully exploits it could run arbitrary code on the victim's computer. The flaw would give the attacker the freedom to install programs and to view, change or delete data without the user's permission.
#-Link-Snipped-#
This vulnerability exists in all versions of Windows. Although RDP is disabled by default, it is still a sensible precaution to take note of this issue and follow the guidelines to tie up any loose ends. Microsoft predicts that an exploit for this vulnerability will be developed within the next month. The vulnerability is only reachable if RDP is enabled. A mitigation feature in RDP known as NLA (Network Level Authentication) moves the vulnerability to the post-authentication stage, which reduces the risk of exploitation. There are #-Link-Snipped-# for Windows.
Also, the Remote Assistance feature in Windows with a tick against "less secure" on an RDP-enabled machine makes that machine more susceptible to exploitation, with no barrier to pre-auth code execution: an attacker can abuse the issue before any authentication is required. Microsoft has already shipped six security bulletins as part of this month's Patch Tuesday batch, addressing loopholes in Microsoft Windows, Visual Studio and Expression Design.
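To check a machine against the two conditions described above (RDP enabled, NLA not enforced), the following PowerShell audit is an added example, not part of the original article or of Microsoft's guidance. It assumes the standard Terminal Services registry locations, which the article does not name, and that a Group Policy value, when present, overrides the local setting.

```powershell
# Added example: report whether RDP is enabled and whether NLA is enforced.
# Registry paths are standard Windows locations (assumption: not named in the article).
$local  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdpTcp = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
$policy = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or the value does not exist.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name } else { $null }
}

function Get-EffectiveValue {
    param([string]$Name, [string]$LocalPath)
    # A Group Policy value, when set, takes precedence over the local one.
    $fromPolicy = Get-RegValue -Path $policy -Name $Name
    if ($null -ne $fromPolicy) { return $fromPolicy }
    Get-RegValue -Path $LocalPath -Name $Name
}

$deny = Get-EffectiveValue -Name 'fDenyTSConnections' -LocalPath $local
$nla  = Get-EffectiveValue -Name 'UserAuthentication' -LocalPath $rdpTcp

# fDenyTSConnections = 0 means RDP connections are allowed.
# UserAuthentication = 1 means NLA is required before a session is created.
if ($null -eq $deny) {
    $verdict = 'Unknown: fDenyTSConnections not found, check manually'
} elseif ($deny -ne 0) {
    $verdict = 'RDP disabled: service not reachable, still apply the update'
} elseif ($nla -eq 1) {
    $verdict = 'RDP enabled with NLA: reduced risk, apply the update'
} else {
    $verdict = 'RDP enabled without NLA: pre-auth exposure, patch and enable NLA'
}

[pscustomobject]@{
    Computer    = $env:COMPUTERNAME
    RdpEnabled  = ($deny -eq 0)
    NlaRequired = ($nla -eq 1)
    Verdict     = $verdict
}
```

Run it from an elevated PowerShell session on each host; the output object can be piped to `Export-Csv` to collect results across machines.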
Source & Image Credit: #-Link-Snipped-#