Remote work has become common across many workplaces. Employees working from home use many tools to stay productive remotely, including Remote Desktop Protocol (RDP), but these may introduce new vulnerabilities. While RDP is a helpful tool for remotely accessing company devices, it requires some extra security measures.
One report found that attacks targeting RDP rose 30% in March 2020 as the work-from-home revolution began. Here are a few of the most pressing vulnerabilities with this software you should know about.
- Encryption Issues in Earlier Versions
At first, Remote Desktop may seem secure because it encrypts all sessions. In earlier versions of the program, though, the encryption method isn’t sufficient by today’s standards, leaving it vulnerable to hackers. A cybercriminal could exploit this weak encryption to mount a man-in-the-middle attack and access your session.
This isn’t an issue in Windows 8 and onward, but pre-Windows 8 versions may be vulnerable. Microsoft has released a legacy patch, but many devices, especially those running third-party or open-source versions, may not have this update installed.
- Weak Password Practices
Like most other programs, RDP is also open to vulnerabilities from unsafe user practices. Weak credentials are a particularly pressing concern, as many users reuse their device passwords for remote RDP logins. This password recycling could let cybercriminals access your system through credential stuffing or a brute-force attack.
Many companies leave password management to their employees. While this makes access easy and convenient, it could also open your devices to attacks through RDP. It only takes one compromised password for a hacker to slip past your defenses.
- Unsecured Port Access
One reason RDP attacks are so common is that these services are relatively easy for hackers to target. You can see if RDP is running by looking for TCP port 3389, the default for almost all RDP versions. Since hackers understand that you’ll almost certainly use this port for RDP, they can place themselves there for an on-path attack.
Most businesses likely don’t think about restricting or blocking this port. As such, many users leave it unsecured, giving cybercriminals an open target.
- Clipboard Exploits
In the past few years, security experts have discovered another vulnerability in RDP using your computer’s clipboard. Hackers can place malicious code into either a client or host machine’s clipboard, thus infecting the other whenever you copy and paste while sharing clipboards in RDP. While this vulnerability requires user action, it’s a serious risk considering how common copy and paste actions are.
This exploit could let hackers install ransomware, which has become increasingly common, onto your company network through RDP. As more employees use Remote Desktop, companies could become more vulnerable to these devastating attacks.
- Buffer Overflow
Many versions of RDP are also vulnerable to buffer overflow attacks. By infecting the host machine with malware, cybercriminals can use buffer overflow to execute actions on the client machine. This exploit would let hackers take control of company systems through an employee’s compromised personal device.
Since this vulnerability has come to light, the leading open-source versions of RDP have patched it. Still, hackers could have found new ways to execute this attack. While Microsoft’s code is likely stronger, outdated versions may still be vulnerable to this exploit.
How to Secure RDP
These vulnerabilities are concerning, but you can take steps to secure RDP. The most effective single action is to use an RDP gateway, which restricts RDP access through a firewall and an additional login page. You can use Microsoft’s built-in gateway service or pay for a third-party option.
Using a virtual private network (VPN) can also help secure RDP by providing an extra layer of encryption. Keep in mind, though, that VPNs carry their own vulnerabilities, so you’ll have to address these as well.
You can also change the listening port for RDP to avoid on-path attacks. Alternatively, you could restrict access to port 3389 through firewalls or secure tunneling software.
Finally, you should enact strict password policies for all employees using RDP. Users should use strong, varied, and regularly changed passwords for RDP as well as multi-factor authentication.
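To check where a given Windows host stands on the port and firewall steps above, the following read-only audit is an added example, not part of the original article. It assumes an elevated PowerShell session on the host being checked and uses the standard Terminal Server registry keys and the built-in NetSecurity and NetTCPIP cmdlets.

```powershell
# Added example: read-only audit of the local RDP listener and its firewall scope.
# Nothing here changes configuration; it only reports what is currently set.
$ts  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$tcp = Join-Path $ts 'WinStations\RDP-Tcp'

# fDenyTSConnections = 0 means Remote Desktop connections are allowed.
$enabled = (Get-ItemProperty -Path $ts -Name fDenyTSConnections).fDenyTSConnections -eq 0

# PortNumber is the configured listening port (3389 unless it has been changed).
$port = (Get-ItemProperty -Path $tcp -Name PortNumber).PortNumber

# Confirm that something is actually listening on that port right now.
$listening = [bool](Get-NetTCPConnection -State Listen -LocalPort $port -ErrorAction SilentlyContinue)

# Enabled inbound allow rules that name this TCP port, with the remote addresses
# each one accepts. Rules written as port ranges or "Any" are not matched here.
$rules = Get-NetFirewallPortFilter -Protocol TCP |
    Where-Object { $_.LocalPort -contains "$port" } |
    Get-NetFirewallRule |
    Where-Object { $_.Direction -eq 'Inbound' -and $_.Enabled -eq 'True' -and $_.Action -eq 'Allow' } |
    ForEach-Object {
        $addr = $_ | Get-NetFirewallAddressFilter
        [pscustomobject]@{
            Rule          = $_.DisplayName
            Profile       = $_.Profile
            RemoteAddress = $addr.RemoteAddress -join ', '
            OpenToAny     = $addr.RemoteAddress -contains 'Any'   # no source restriction
        }
    }

# Summary: an enabled listener on the default port with an OpenToAny rule is the
# unsecured-port situation described earlier in the article.
[pscustomobject]@{
    RdpEnabled        = $enabled
    ListeningPort     = $port
    IsDefaultPort     = $port -eq 3389
    ListenerActive    = $listening
    UnrestrictedRules = @($rules | Where-Object OpenToAny).Count
} | Format-List

$rules | Format-Table -AutoSize
```

A nonzero `UnrestrictedRules` count means at least one firewall rule accepts RDP connections from any source address, so access is not yet limited to a gateway, VPN range, or other trusted network.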
RDP Security Is a Growing Concern
As remote work becomes the norm, Remote Desktop vulnerabilities become a more prominent risk. If your company uses this service, you should make sure you understand these vulnerabilities and how to secure them. Securing RDP is becoming an essential part of company cybersecurity.