none
Microsoft Remote Desktop Windows 10 App vs MSTSC.exe RRS feed

  • Question

  • With the recent disclosure of vulnerabilities with mstsc.exe by Check Point researchers my team is considering our future use of the program. The biggest question we had was whether the Microsoft Store's Microsoft Remote Desktop app was based upon mstsc.exe, and if it is, whether the disclosed vulnerabilities could affect that application as well.

    I will add a source for the study as soon as I'm allowed to add links in these posts, but in the mean time you can find it by searching Reverse RDP Attack: Code Execution on RDP Clients and look for the link on the research sub-domain of Check Point's website.


    Edit: Here's the link - https://research.checkpoint.com/reverse-rdp-attack-code-execution-on-rdp-clients/
    • Edited by Nichoals Wednesday, February 6, 2019 7:15 PM Adding source
    Wednesday, February 6, 2019 7:08 PM

Answers

  • I read those and to me not much, so do you connect to unknown servers using MSTSC? This appear to me to be an issue if you connect to a compromised server, that can than read the clipboard of the client. So turn off clipboard sharing on the client and the issue is negated.

    For the Remote Desktop App, all I can see using Process Explorer is see if appears to use a different process, RD.Client.Windows.Exe to create the remote session. It does not offer any remote clipboard.


    Friday, February 8, 2019 12:23 AM