Microsoft developers have updated the Android application for remote access to Windows, removing the vulnerability of RDP-connection (CVE-2019-1108) in RDP Client.
A software error allowed attackers to obtain system information suitable for the further development of the attack.Earlier, a similar bug was closed in the Microsoft desktop RDP client – the patch was included in the July patch package. As experts explained, the problem lay in the incorrect processing of program memory, that explains why technical data fell into open access.
According to the developers, exploits based on vulnerability in RDP Client for Android may appear in the nearest future. To take advantage of the gap, attackers need to connect to the target machine and run third-party software on it.
“Earlier, we already saw how such bugs are used in cyberattacks. A detected gap is likely to arouse interest among attackers, so users should install the update as soon as possible”, – experts explain.
Microsoft experts also clarified that there are no other ways to protect against CVE-2019-1108.
Remote connection bugs have traditionally attracted the attention of cybercriminals. As a recent study showed, attacks on an insecure RDP host begin within a minute and a half after it is connected to the network. Experts recorded ten hacking attempts per minute; in 2012, the number of such incidents did not exceed two per hour.
Victims of attacks through a remote connection run the risk of getting a cryptographic malware on the computer, becoming a part of the botnet or losing their data.
Read also: Microsoft has fixed two new vulnerabilities that are similar to BlueKeep
The problem is exacerbated by software vulnerabilities that are constantly found in RDP systems and terminal access services. This type is the BlueKeep bug published in May, which threatens to execute third-party code with the ability to quickly scale attacks.
Later, Microsoft developers eliminated two similar vulnerabilities in their products that allowed sending unauthorized commands to Windows-based computers.
Mitigation measures
Microsoft advises all its Android customers who have Microsoft Remote Desktop for Android installed on their devices to install the latest security update to be fully protected from future attacks.
To update their Microsoft Remote Desktop for Android app to mitigate this security flaw, users have to go through the following procedure:
- Tap the Google Play icon on your home screen.
- Swipe in from the left edge of the screen.
- Tap My apps & games.
- Tap the Update box next to the Remote Desktop app.