none
Major security vulnerability: Quick Assist in View Screen mode allows touch input to control remote PC RRS feed

  • Question

  • When in a Quick Assist session in View Screen mode, keyboard and mouse input is not passed to the remote PC, but touch input is, allowing the assisting user to control the remote machine via touch without permission.

    This is a major security vulnerability allowing a remote user who has only been granted view permission to take over a remote PC.

    --Daniel

    Tuesday, February 11, 2020 4:17 PM

All replies

  • HI
    1.can you enter winver in command prompt on issue win10 computer and look the os version and os version number ?[for example windows 10  enterprise 1809 (os build 17763.316)]
    2.did you try to inplace upgrade win10 to the latest version win10(1903 or 1909) on both client side and server side ,then check the result ?
    3.I think we can post this issue in below forum.Thanks for your any suggestions ,i think it will help other users.
    Remote Desktop Services user voice and feed back
    https://remotedesktop.uservoice.com/forums/266795-remote-desktop-services

    Best Regards
    Andy YOU
    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.




    Wednesday, February 12, 2020 6:22 AM
  • Oh, hi, Andy.

    I told you about this major security vulnerability that lets a remote user take over a Windows PC when they have only been granted View permissions EIGHT MONTHS AGO:

    https://social.technet.microsoft.com/Forums/windows/en-US/ba6ddbdf-2749-431f-8006-fd19a5b4043c/quick-assist-in-view-screen-mode-allows-touch-input-to-control-remote-pc?forum=win10itprogeneral#dbff579a-5a8a-4b67-bb74-05b38c1a470d

    Have you been working on this gaping hole in Windows security this whole time, or completely ignoring it?

    As for posting in UserVoice, I also did that EIGHT MONTHS AGO.

    Can you find someone to address this who actually cares?

    Thanks!

    • Edited by Kirchh Saturday, February 15, 2020 5:01 AM
    Saturday, February 15, 2020 4:53 AM
  • I can reproduce this with: Windows 10 Pro x64, version 1909 build 18363.657 on both systems.
    Touch input from my laptop is indeed passed through to the assisted system, although only "View Screen" was requested and allowed.
    Saturday, February 15, 2020 7:47 AM
  • I can reproduce this with: Windows 10 Pro x64, version 1909 build 18363.657 on both systems.
    Touch input from my laptop is indeed passed through to the assisted system, although only "View Screen" was requested and allowed.
    Same. Andy, maybe you and I can set up a Quick Assist session where you only grant me View access. I'd LOVE to demonstrate this issue to you.
    Saturday, February 15, 2020 4:35 PM
  • HI
    I had reported it before and i have reported it again.
    i also think we can click "feedback" in this webpage to report your issue. 

    Best Regards
    Andy YOU
    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.


    Monday, February 17, 2020 3:03 AM
  • HI
    I had reported it before and i have reported it again.
    i also think we can click "feedback" in this webpage to report your issue. 

    Best Regards
    Andy YOU
    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.


    To whom did you report it?

    Be specific.

    What follow up have you been doing since June of 2019?

    Monday, February 17, 2020 5:30 AM
  • HI

    in general ,we reported potenrial bug in below system.


    Best Regards
    Andy YOU
    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Sunday, February 23, 2020 2:45 PM
  • What’s the status of the bug report you submitted in June, 2019?
    Sunday, February 23, 2020 4:19 PM