Vulnerability in RDP Could Allow Remote Code Execution (MS15-067)

ITS Advisory Number: 2015-079
Date(s) Issued: Tuesday, July 14, 2015
Subject: Vulnerability in RDP Could Allow Remote Code Execution (MS15-067)
Overview: 

A vulnerability has been discovered in Microsoft's Remote Desktop Protocol that could allow an attacker to remotely take control of the affected system. Remote Desktop Protocol (RDP) is a proprietary protocol developed by Microsoft that provides a user with a graphical interface to connect to another computer over a network connection. The user employs RDP client software for this purpose, while the other computer must run RDP server software. The vulnerability is triggered when an attacker sends a specially crafted sequence of packets to the RDP server service.

Successful exploitation could result in an attacker gaining the same privileges as the logged-on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Systems Affected: 
  • Microsoft Windows 7
  • Microsoft Windows 8
  • Microsoft Windows Server 2012
  • Microsoft Windows Server 2012 (Server Core Installation)
RISK
GOVERNMENT
  • Large and medium government entities: High
  • Small government entities: High
BUSINESS
  • Large and medium business entities: High
  • Small business entities: High
Home Users: High
Description: 

A vulnerability has been discovered in Microsoft's Remote Desktop Protocol that could allow an attacker to remotely take control of the affected system. To exploit this vulnerability, an attacker must send a series of specially crafted packets to a system that is running the RDP server service. Microsoft's update addresses the vulnerability by modifying how the terminal service handles packets.

Successful exploitation could result in an attacker gaining the same privileges as the logged-on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Actions: 
  • Consider disabling the Remote Desktop Server service until the server can be patched.
  • After appropriate testing, apply patch from Microsoft.
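
One way to carry out the first action on a single host, as an added example that is not part of the original advisory. It assumes the standard Windows names for the RDP service (`TermService`) and the connection switch (`fDenyTSConnections`); the KB number is a placeholder to be replaced with the one the MS15-067 bulletin lists for the host's Windows version.

```powershell
# Added example: report whether this host accepts RDP connections and whether
# the patch is present, and optionally disable RDP until it is installed.
# Run elevated, with console or out-of-band access: disabling RDP ends
# remote desktop administration of this machine.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    # Placeholder, not taken from the advisory: use the KB number that the
    # MS15-067 bulletin lists for this Windows version.
    [string]$PatchKb = 'KB0000000',
    [switch]$Disable
)

$tsKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'

function Get-RdpExposure {
    param([string]$Kb)
    # fDenyTSConnections = 0 means the host accepts RDP connections
    $deny = (Get-ItemProperty -Path $tsKey -Name fDenyTSConnections).fDenyTSConnections
    $svc  = Get-Service -Name TermService
    New-Object PSObject -Property @{
        ComputerName   = $env:COMPUTERNAME
        RdpAllowed     = ($deny -eq 0)
        ServiceStatus  = $svc.Status
        PatchInstalled = [bool](Get-HotFix -Id $Kb -ErrorAction SilentlyContinue)
    }
}

$state = Get-RdpExposure -Kb $PatchKb
$state

# Act only on an unpatched host that still exposes the RDP server
if ($Disable -and -not $state.PatchInstalled -and
    ($state.RdpAllowed -or $state.ServiceStatus -eq 'Running')) {
    if ($PSCmdlet.ShouldProcess($env:COMPUTERNAME, 'Disable Remote Desktop until patched')) {
        # Refuse new RDP connections
        Set-ItemProperty -Path $tsKey -Name fDenyTSConnections -Value 1 -Type DWord
        # Stop the RDP server; -Force also stops services that depend on it
        Stop-Service -Name TermService -Force
        # Keep it from starting again on reboot
        Set-Service -Name TermService -StartupType Disabled
        Get-RdpExposure -Kb $PatchKb
    }
}
```

Run it with `-Disable -WhatIf` first to see what would change. After the patch is applied, restore the service's previous startup type and set `fDenyTSConnections` back to 0 if remote desktop access is still required.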
References: 

Microsoft:

https://technet.microsoft.com/en-us/library/security/MS15-067

CVE:

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2373