Get a Pentest and security assessment of your IT network.

Cyber Security

Improper Microsoft Patch for Reverse RDP Attacks Leaves 3rd-Party RDP Clients Vulnerable

An Improperly Patched Path Traversal Flaw can be bypassed by replacing backward slashes in paths with forward slashes. Microsoft patched the vulnerability (CVE-2019-0887) as part of its July 2019 Patch Tuesday update. Microsoft acknowledged the improper fix and re-patched the flaw in February 2020 Patch Tuesday. Check Point researcher disclosed that Microsoft addressed the issue by adding a separate workaround in Windows while leaving the root of the bypass issue, an API function “PathCchCanonicalize,” unchanged.

Source: https://thehackernews.com/2020/05/reverse-rdp-attack-patch.html

Related posts
Cyber Security

Zip Codes & PII: Are They Personal Data?

Cyber Security

Zero-Day Vulnerabilities: User Defence Guide

Cyber Security

Zero Knowledge Voting with Trusted Server

Cyber Security

ZeroNet: 51% Attack Risks & Mitigation