Remote Desktop Security

I have just received this warning through. Is anyone able to advise on how safe TeamViewer is for remote accessing? Is it IP to IP address safe?

  1. DejaBlue Windows Remote Desktop Services RCE Vulnerabilities CC-3176 [HIGH SEVERITY]
  2. HTTP/2 Denial-of-Service Vulnerabilities CC-3181
  3. VBShower Backdoor CC-3177
  4. Saefko Remote Access Trojan CC-3174
  5. Vendor Security Updates

DejaBlue Windows Remote Desktop Services RCE Vulnerabilities

CC-3176

Published to ISP 14/08/2019

 

Microsoft has released details of four remote code execution vulnerabilities, collectively referred to as DejaBlue, affecting Remote Desktop Services (RDS, formerly Terminal Services) on their Windows and Windows Server operating systems. They claim that an unauthenticated remote user could exploit these vulnerabilities to gain control of affected systems.

The vulnerabilities occur as a result of RDS improperly handling user requests. An attacker could exploit these by sending a specifically crafted request to an affected system. If successful, they could then execute arbitrary code on the system.

As these vulnerabilities occur pre-authentication, they can be classed as 'wormable' and could be used to create malware that is able to propagate without requiring user interaction.

Please note that Remote Desktop Protocol (RDP), the protocol used by RDS, is itself not impacted by these vulnerabilities.

Affected Platforms

  • Microsoft Windows - Versions 7 SP1, 8.1 and 10 (all variants)
  • Microsoft Windows Server - Versions 2008 R2 SP1, 2012, 2012 R2, 2016 and 2019 (all variants)

Users and administrators are encouraged to review the following Microsoft update advisories, available on the Information Sharing Portal, and apply the necessary updates:

  • CVE-2019-1181: RDS Remote Code Execution Vulnerability
  • CVE-2019-1182: RDS Code Execution Vulnerability
  • CVE-2019-1222: RDS Remote Code Execution Vulnerability
  • CVE-2019-1226: RDS Remote Code Execution Vulnerability

Organisations unable to fully remediate these vulnerabilities are encouraged to use the following additional mitigation guidance:

  • Disabling RDS mitigates this vulnerability.
  • Enabling Network Level Authentication (NLA) on systems running supported editions of Windows 7, Windows Server 2008, and Windows Server 2008 R2 stops unauthenticated attackers from exploiting this vulnerability. If an attacker can authenticate to RDS then an exploit is still possible.

Additionally, organisations can consider the following steps to help detect and prevent attacks using RDP:

  • Only allow point-to-point connections from specific IP addresses where feasible.
  • Ensure Transport Layer Security (TLS) is up-to-date.
  • Log and monitor all RDP activity and investigate unusual behaviour.
  • Consider only allowing RDP for authorised virtual private network (VPN) connections.
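
A read-only way to check a host against the mitigations listed in the advisory above. This is an added example, not part of the original post or the advisory; the helper function names are hypothetical, and the firewall group name 'Remote Desktop' assumes an English-language Windows 8 / Server 2012 or later system.

```powershell
# Added example: read-only audit of the RDS settings named in the mitigation list.
# Run in an elevated PowerShell session on the host being checked.
$ts  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$tcp = "$ts\WinStations\RDP-Tcp"
# Group Policy values, when present, override the local settings above.
$pol = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'

function Get-RegValue {            # hypothetical helper
    param([string]$Path, [string]$Name)
    # Returns $null when the key or value is absent instead of throwing.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name } else { $null }
}

function Get-Effective {           # hypothetical helper: policy first, then local
    param([string]$Name, [string]$LocalPath)
    $v = Get-RegValue -Path $pol -Name $Name
    if ($null -eq $v) { $v = Get-RegValue -Path $LocalPath -Name $Name }
    $v
}

$deny = Get-Effective -Name 'fDenyTSConnections' -LocalPath $ts   # 0 = RDP enabled
$nla  = Get-Effective -Name 'UserAuthentication' -LocalPath $tcp  # 1 = NLA required
$sec  = Get-Effective -Name 'SecurityLayer'      -LocalPath $tcp  # 0 RDP, 1 Negotiate, 2 TLS

# Inbound allow rules in the Remote Desktop group that accept any source address.
$openRules = @()
if (Get-Command Get-NetFirewallRule -ErrorAction SilentlyContinue) {
    $openRules = @(Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -ErrorAction SilentlyContinue |
        Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' -and $_.Action -eq 'Allow' } |
        Where-Object { ($_ | Get-NetFirewallAddressFilter).RemoteAddress -contains 'Any' })
}

[pscustomobject]@{
    Computer          = $env:COMPUTERNAME
    RdpEnabled        = ($deny -eq 0)
    NlaRequired       = ($nla -eq 1)
    SecurityLayer     = $sec
    Port              = Get-RegValue -Path $tcp -Name 'PortNumber'
    RulesOpenToAnyIP  = ($openRules | ForEach-Object { $_.DisplayName }) -join '; '
    NeedsAttention    = ($deny -eq 0) -and (($nla -ne 1) -or ($openRules.Count -gt 0))
}
```

A host reporting `NeedsAttention = True` has RDP enabled with either NLA not enforced or a firewall rule that accepts connections from any address; the script does not check whether the updates for the listed CVEs are installed.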

Comments

  • Natascha, Moderator (Posts: 1,591)

    Hi @Caron1 

    Thank you for your post. 

    Since all TeamViewer interactions are fully encrypted, this includes connections in LAN only mode as well.

    In our Trust Center, you will find all detailed information about TeamViewer's security standards: TeamViewer Trust Center

    We also provide more useful information in the following article about LAN connections: Can TeamViewer be used within a local network (LAN) only?

    Please note that some functionalities are not provided within a LAN connection.

    I hope this could help. If there are any further questions, please do not hesitate to contact us again.

    Wish you a great Friday and all the best,
    Natascha

    German Community moderator 💙