yodaa
RDP exploit
Hi Guys,
One of my members connects to another client PC via VPN (remotely).
I have checked the client's computer settings and Windows 7 has not been updated since June 2016.
My question is:
Is there any possibility that if they get WannaCry or another nasty malware, it will then infect our system via RDP?
Thanks
Even then, with RDP, you can copy files over an RDP connection, so maybe not so irrelevant thinking about it
ASKER
They are not going into our system; it's the opposite. We are logging into their system via Windows VPN and then RDP.
If you are making a VPN connection to them, then yes
"Most corporate environments will now filter SMB connections coming from the internet. In a lot of environments however internal SMB connections are allowed (do not forget the VPN!). You should reconsider this. Not all of your machines require incoming SMB (or RDP) connections. Most security suites now include a local host firewall. If you are not using a security suite you can use the build-in firewall of Microsoft. Deploy a policy that filters all SMB connections for machines and only allow authorized connections."
https://www.vanimpe.eu/2017/05/13/limited-impact-wannacry-wcry-wannacrypt-ransomware/
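One way to apply the host-firewall policy the quoted article describes on a Windows 10 machine, as an added example that is not part of the thread. The two address ranges are constructed placeholders, and the `File and Printer Sharing` group name assumes an English-language Windows install.

```powershell
# Run from an elevated PowerShell prompt on the machine you want to protect.
# Both ranges below are constructed placeholders; substitute your own.
$AuthorizedSmbClients = '10.20.30.0/24'   # hosts that genuinely need file shares
$VpnPeerRange         = '10.99.0.0/24'    # addresses reachable through the VPN tunnel

# 1. Default-deny inbound on every profile, so only explicit allow rules admit traffic.
Set-NetFirewallProfile -Profile Domain,Private,Public `
    -Enabled True -DefaultInboundAction Block

# 2. The built-in file sharing rules accept SMB from any address once sharing is
#    enabled. Narrow their scope to the authorized hosts instead of leaving them open.
Get-NetFirewallRule -DisplayGroup 'File and Printer Sharing' -Direction Inbound |
    Set-NetFirewallRule -RemoteAddress $AuthorizedSmbClients

# 3. Explicit block for SMB/NetBIOS arriving from the VPN side. In Windows Firewall
#    a block rule wins over any allow rule, so this holds even if someone later
#    adds a broad allow rule for port 445.
New-NetFirewallRule -DisplayName 'Block SMB from VPN peers' `
    -Direction Inbound -Protocol TCP -LocalPort 139,445 `
    -RemoteAddress $VpnPeerRange -Action Block

# 4. Confirm SMBv1 is off on this machine, and turn it off if it is not.
if ((Get-SmbServerConfiguration).EnableSMB1Protocol) {
    Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
}

# 5. Review the result: every enabled inbound rule that can still admit port 445.
Get-NetFirewallPortFilter -Protocol TCP |
    Where-Object { $_.LocalPort -contains '445' } |
    Get-NetFirewallRule |
    Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' } |
    Select-Object DisplayName, Action, Profile
```

These cmdlets ship with Windows 8 / Server 2012 and later, so they apply to the patched Windows 10 side of the connection rather than to the unpatched Windows 7 machine.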
There's no known method yet that the REMOTE RDP SERVER/PC will infect you as the client. I'm assuming enough ppl looked through the CIA leaks, and most of the vulnerabilities have been ironed out.
Of course, I used "yet", as with everything, everything might be possible.
Kimputer,
Agreed, over RDP, however going over a VPN which isn't configured very well, could pose issues I believe.
ASKER
Okay so there is no way to hack via RDP?
VPN have created rules to block all SMB ports in our firewall but only for VPN users who use our VPN software.
I did not block VPN point to point.
ASKER
We use Win 10 fully patched and SMB1 is disabled in our network also.
ASKER
Cheers guys
ASKER
The "server" you're connecting to might be vulnerable (if not firewalled properly, and has open port 3389 to the internet). If that one becomes infected, your OWN CLIENT PC will not get infected.
As you can see though, you can even solve it for them, by installing the patch made by EnSilo (it's on the page of the URL you posted).
In short, yes, if they open up a VPN, they could cause you issues.
Just ask them to update their machine