7/16/2015

Microsoft HTTP.sys Vulnerability in RDP Could Allow Remote Code Execution

Digital Edge is committed to providing the highest levels of security within all the IT infrastructure environments under its care. In order to achieve this utmost goal for all of our clients, we continuously maintain vigilance both on the productive side of IT as well as on its destructive side. We thus send out news and security bulletins such as this one from time to time to ensure that our clients are informed and educated on any important developments in IT security and are fully aware of what we are doing to ensure that we and our clients are always at the Cutting and at the Digital Edge of technology.  

On Tuesday, July 14, 2015, Microsoft issued new Security Bulletin MS15-067 which is marked critical.
The Digital Edge Security Team has analyzed the reported details, and one vulnerability raises a particularly high level of concern and attention. Security Bulletin ID # MS15-034 can be potentially very dangerous. The vulnerability could allow remote code execution if an attacker sends a specially crafted sequence of packets to a targeted system with the Remote Desktop Protocol (RDP) server service enabled.

Microsoft Notifies:

“This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if an attacker sends a specially crafted sequence of packets to a targeted system with the Remote Desktop Protocol (RDP) server service enabled. By default, the RDP server service is not enabled on any Windows operating system. Systems that do not have the RDP server service enabled are not at risk.

This security update is rated Critical for Windows 7 for 32-bit Systems and Windows 8 for 32-bit Systems.
A remote code execution vulnerability exists in how the Remote Desktop Protocol (RDP) (terminal) service handles packets. While the most likely outcome of this vulnerability is denial of the remote desktop (terminal) service (DOS), remote code execution is possible.

To exploit the vulnerability, an attacker could send a specially crafted sequence of packets to a system running the RDP server service. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. The update addresses the vulnerability by modifying how the terminal service handles packets.

Microsoft received information about this vulnerability through coordinated vulnerability disclosure. When this security bulletin was issued, Microsoft had not received any information to indicate that this vulnerability had been publicly used to attack customers.”

Digital Edge Recommendation:

Digital Edge always recommends not exposing ports directly to the internet. There are multiple techniques available to protect your applications and services from the risk of remote code execution. Digital Edge advises using VPN tunnels and not exposing the RDP protocol directly to public users. There are other techniques to protect ports from direct exposure, such as proxies, application-level firewalls and others. Those techniques add an additional barrier to the perimeter defense.
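As an added, defender-side example (not code from the bulletin or from Digital Edge), the following PowerShell script checks the two facts the bulletin hinges on: whether the RDP server service is actually enabled on a host, and whether the built-in Remote Desktop firewall rules accept connections from any address on the Public profile. With -Enforce it scopes inbound RDP to an assumed VPN client subnet (10.8.0.0/24, a placeholder) so RDP is only reachable through the tunnel. It assumes the NetSecurity cmdlets, available on Windows 8 / Server 2012 and later.

```powershell
# Added example (not part of the Digital Edge bulletin): audit whether the RDP server
# service is enabled on this host and, if it is, confine inbound RDP to a VPN subnet
# so port 3389 is not reachable from the public internet. Assumes Windows 8 / Server 2012
# or later for the NetSecurity cmdlets; 10.8.0.0/24 is an assumed VPN address range.
param(
    [string]$VpnSubnet = "10.8.0.0/24",   # assumed VPN client range; adjust to your own
    [switch]$Enforce                       # without -Enforce the script only reports
)

# RDP is enabled when fDenyTSConnections is 0 (the bulletin notes it is off by default).
$ts = Get-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server" `
                       -Name fDenyTSConnections
$rdpEnabled = ($ts.fDenyTSConnections -eq 0)
Write-Host "RDP server service enabled: $rdpEnabled"

if (-not $rdpEnabled) {
    Write-Host "Host is not exposed via RDP; no firewall change needed."
    return
}

# Inspect the built-in "Remote Desktop" firewall rules: which profiles they apply to
# and which remote addresses may reach them. "Any" means no scoping at all.
$rules = Get-NetFirewallRule -DisplayGroup "Remote Desktop" -Direction Inbound -Enabled True
foreach ($rule in $rules) {
    $addr = ($rule | Get-NetFirewallAddressFilter).RemoteAddress
    Write-Host ("{0}: profiles={1} remote={2}" -f $rule.DisplayName, $rule.Profile, ($addr -join ","))
    if ($addr -contains "Any" -and "$($rule.Profile)" -match "Public|Any") {
        Write-Warning "$($rule.DisplayName) accepts RDP from any address on the Public profile."
    }
}

if ($Enforce) {
    # Scope every inbound RDP rule to the VPN subnet and drop it from the Public profile,
    # so RDP is only reachable once a VPN tunnel is established.
    $rules | Set-NetFirewallRule -RemoteAddress $VpnSubnet -Profile Domain,Private
    Write-Host "Inbound RDP now limited to $VpnSubnet on Domain/Private profiles."
}
```

Run it without -Enforce first from an elevated prompt to see the current exposure; the report alone tells you whether a host falls under the bulletin's "RDP server service enabled" condition.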

If you feel that you need assistance from the Digital Edge Security team please contact Danielle Johnsen at djohnsen@digitaledge.net.

Michael Petrov
Founder, Chief Executive Officer

Michael brings 30 years of experience as an information architect, optimization specialist and operations advisor. His experience includes extensive high-profile project expertise, such as mainframe and client-server integration for Mellon Bank, extranet systems for Sumitomo Bank, and architecture and processing workflow for the alternative investment division of US Bank. Michael possesses advanced knowledge of security standards such as ISO 27001, NIST, SOC and PCI, which he brings into every solution delivered by Digital Edge. These security solutions and standards are extended into public clouds such as AWS and Azure.
