Recent research by ethical hacking specialists from Check Point Research revealed the existence of dozens of vulnerabilities in a commonly used protocol in Microsoft Azure. These flaws expose Microsoft cloud users to multiple cyberattacks.
During their presentation at the Black Hat cybersecurity conference, experts noted that flaws in the Remote Desktop Protocol (RDP), which is used to access remote Windows machines, could be exploited to execute arbitrary code on the target system. By doing this, threat actors could view, modify, and even delete data or create new, high-privileged accounts.
Earlier this year, the firm revealed the existence of 25 vulnerabilities in the RDP protocol that could have been exploited to compromise a machine. The reported flaws affected various open source RDP clients such as FreeRDP and rdesktop (included in Kali Linux distributions), as well as the Windows mstsc.exe client.
“Once a direct channel is established back to the target machine, hackers could do virtually anything on the victim’s system,” says one of the ethical hacking experts responsible for the investigation.
The ethical hacking experts add that these vulnerabilities also open the door to more far-reaching attacks against customers on the Azure cloud platform. According to the latest findings, Microsoft’s Hyper-V, used for managing virtual machines in remote locations, is also vulnerable to these flaws. “Any user connected to the cloud with a Windows machine, or using Hyper-V virtual machines, is exposed to the exploitation of these vulnerabilities,” the experts report.
Experts report that by abusing the “copy and paste” function during an RDP connection, a malicious server could arbitrarily place files in default locations on the client’s computer, a situation that exposes the victim to all kinds of malicious activities.
“Computer systems are as strong as their weakest link. By relying on other software libraries, these implementations inherit all vulnerabilities in widely-used protocols, such as RDP,” the experts said.
According to ethical hacking specialists from the International Institute of Cyber Security (IICS), approximately 57% of the largest U.S. companies use Microsoft Azure, and, as if that were not enough, it is estimated that about 45.8% of all computers around the world use Windows 10, so the scope of this vulnerability is huge.
On the other hand, the company released a security update last July, inviting customers to install the fixes or, failing that, verify that automatic updates are enabled to ensure their protection. “We try to raise awareness among our customers to mitigate the risk of exploitation of these bugs.”