Reverse RDP Attack Also Enables Guest-to-Host Escape in Microsoft Hyper-V


reverse rdp attack on windows hyper-v

Remember the Reverse RDP Attack?

Earlier this year, researchers disclosed clipboard hijacking and path-traversal issues in Microsoft’s Windows built-in RDP client that could allow a malicious RDP server to compromise a client computer, reversely.

(You can find details and a video demonstration for this security vulnerability, along with dozens of critical flaws in other third-party RDP clients, in a previous article written by Swati Khandelwal for The Hacker News.)

At the time when researchers responsibly reported this path-traversal issue to Microsoft, in October 2018, the company acknowledged the issue, also known as “Poisoned RDP vulnerability,” but decided not to address it.

Read more…