Monday, June 27, 2022

Attacking RDP from Inside: How we abused named pipes for smart-card hijacking, unauthorized file system access and more

In this blog post we are going to discuss the details of a vulnerability in Windows Remote Desktop Services, which we recently uncovered. We reported the vulnerability to Microsoft in a coordinated disclosure process. Microsoft has released a fix in the latest security update and the vulnerability is now identified as CVE-2022-21893.

TL;DR

This vulnerability enables any standard unprivileged user connected to a remote machine via remote desktop to gain file system access to the client machines…

Read More

Latest news
Related news