Tuesday, January 14, 2025
HomeSecurity NewsCritical Vulnerability with CredSSP Protocol Affects WinRM and RDP on all Windows...

Critical Vulnerability with CredSSP Protocol Affects WinRM and RDP on all Windows Versions to Date

Published on

A critical remote code execution vulnerability with Credential Security Support Provider protocol (CredSSP protocol) that exploit RDP and WinRM on all the version of windows machine could allow attackers to run arbitrary code on target servers.

The logical flaw is with CredSSP protocol provides Security that used by Remote Desktop Protocol and Windows Remote Management to transfer the credential securely.

Also Read Researchers bypassed Windows 10 Lock Protection and Access Cortana Voice Commands that leads to Install Malware

Security researchers from preempt discovered the logical flaw in CredSSP that could be exploited by an attacker who can launch a man-in-the-middle attack over such a session can abuse it to run remote code on the machines that associated with the compromised network.

This vulnerability with Security Support Provider CredSSP protocol could be a gateway for hackers as it affects all the version of windows starting from Vista. The issue is critical as DCE/RPC remains enabled by default.

How can attackers exploit the flaw with CredSSP protocol?

An attacker could exploit this vulnerability by launching a MITM attack and wait for the CredSSP session to occur, and if the session occurs attackers can steal session authentication and perform a Remote Procedure Call (DCE/RPC) attack on the server where the user connected to.
CredSSP protocol

Now an attacker who gained privileged access to the system can run different commands and install payloads. In the real world scenarios Vulnerable routers/switches, ARP poisoning attack and vulnerabilities like KRACK can allow attacks to launch MITM network over enterprise network and wait for an IT admin to log-on to the server using RDP.

The vulnerability tracked as CVE-2018-0886 and Microsoft released patches for all affected platforms and also advised administrators to force the updates through group policies.

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

Google’s “Sign in with Google” Flaw Exposes Millions of Users’ Details

A critical flaw in Google's "Sign in with Google" authentication system has left millions...

Hackers Attacking Internet Connected Fortinet Firewalls Using Zero-Day Vulnerability

A widespread campaign targeting Fortinet FortiGate firewall devices with exposed management interfaces on the...

Critical macOS Vulnerability Lets Hackers to Bypass Apple’s System Integrity Protection

Microsoft Threat Intelligence has uncovered a critical macOS vulnerability that allowed attackers to bypass...

CISA Released A Free Guide to Enhance OT Product Security

To address rising cyber threats targeting critical infrastructure, the U.S. Cybersecurity and Infrastructure Security...

API Security Webinar

72 Hours to Audit-Ready API Security

APIs present a unique challenge in this landscape, as risk assessment and mitigation are often hindered by incomplete API inventories and insufficient documentation.

Join Vivek Gopalan, VP of Products at Indusface, in this insightful webinar as he unveils a practical framework for discovering, assessing, and addressing open API vulnerabilities within just 72 hours.

Discussion points

API Discovery: Techniques to identify and map your public APIs comprehensively.
Vulnerability Scanning: Best practices for API vulnerability analysis and penetration testing.
Clean Reporting: Steps to generate a clean, audit-ready vulnerability report within 72 hours.

More like this

LegionLoader Abusing Chrome Extensions To Deliver Infostealer Malware

LegionLoader, a C/C++ downloader malware, first seen in 2019, delivers payloads like malicious Chrome...

North Korean Hackers Stolen $2.2 Billion From Crypto Platforms In 2024

Cryptocurrency hacking incidents in 2024 surged 21.07% YoY to $2.2 billion, with 303 breaches...

Deloitte Denies Breach, Claims Only Single System Affected

Ransomware group Brain Cipher claimed to have breached Deloitte UK and threatened to publish...