IR-19-029-001 Windows 10 RDPWrap DoS

RDPwrap is a very popular open source third-party Windows Remote Desktop Protocol (RDP) tool offered by Stas’M’Corp from Moscow, Russia. Wapack Labs discovered that RDPWrap creates a local Denial-of-Service (DoS) vulnerability on Windows 10 systems, which could allow an attacker on the system to terminate users RDP sessions. By allowing the attacker to terminate RDP sessions without warning, it is particularly dangerous if the attacker notices an administrator on the system via RDP;and does not want their malware discovered or removed immediately. By disconnecting the administrator or automating the disconnection(s) of any sessions other than the attacker’s session the attacker buys time to hide the infection or remove the evidence of the infection.

IR-19-029-001 Windows 10 RDPWrap DoS.pdf

E-mail me when people leave their comments –

You need to be a member of Red Sky Alliance to add comments!

Join Red Sky Alliance