Reply to post: Danger Will Robinson

Welcome to the 2020s: Booby-trapped Office files, NSA tipping off Windows cert-spoofing bugs, RDP flaws...

gerdesj Silver badge

Danger Will Robinson

"Despite Uncle Sam's dire warnings, Microsoft said there is no evidence of the flaw being targeted in the wild"

This *is* a very, very, very, serious flaw. If you own DNS (wifi AP for example) you can MitM lots of things to gather credentials (yum!)

I wouldn't know where to start with an RDP flaw unless someone posts enough code for me to copy n paste. This I could probably exploit simply by having the skills of a halfway decent sysadmin. I can easily (it'll take a little time) run up a webserver with fake login pages, I could run up enough IMAPS/POPS/SMTPS to gather creds and I could run up Squid and setup WPAD, DHCP, and so on to grab some more creds.

Patch the bugger on anything that leaves the home or office right now and do the rest as and when.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon


Biting the hand that feeds IT © 1998–2020