Contactez-nous Suivez-nous sur Twitter En francais English Language

De la Théorie à la pratique

Freely subscribe to our NEWSLETTER

Newsletter FR

Newsletter EN



CyberArk publishes high-risk Windows RDP vuln - Patch Tuesday

January 2022 by CyberArk

Today, CyberArk Labs published new research detailing a vulnerability in Windows Remote Desktop Protocol (RDP) that allows any user connected to a remote machine via RDP to access the client machines of other connected users - creating considerable risk for any organisation using the protocol.

Once the vulnerability is exploited, an attacker can execute a man-in-the-middle attack, allowing them to view/modify clipboard data of other connected users, access victim drives/folders or even impersonate the identity of other users logged on to the machine using smart cards – currently used to access clinal systems through NHS Digital, amongst other public sector services.

CyberArk researchers were able to execute the vulnerability by developing a tool that abuses the virtual channels Windows RDP uses to communicate between the server and client from within the remote machine.

See previous articles


See next articles