Windows Remote Assistance Tool Can Be Used for Targeted Attacks

Faybert

Faybert

Level 24
Thread author
Verified
Top Poster
Well-known
Jan 8, 2017
1,320
The Windows Remote Assistance tool that ships with all Windows distributions can be can be abused for clever hacks in targeted attacks.

Belgian security researcher Nabeel Ahmed discovered a vulnerability in this tool in February last year and reported it to Microsoft in October. A patch for the issue —tracked as CVE-2018-0878— was included with the March 2018 Patch Tuesday, released last week.
Click to expand...
Vulnerability ideal for data exfiltration
The vulnerability allows an attacker to extract any file from a victim's computer without the target's knowledge and upload it to a remote server.

Because of this, the vulnerability is perfect for data exfiltration and can be used to sneakily steal any file from a victim's computer.
....
....
Click to expand...
How the hack works
To understand how this vulnerability/hack works, users must first know how Windows Remote Assistance tool works.

As the name implies, this is a remote help tool, similar to TeamViewer, only it's made by Microsoft and bundled with all Windows versions since XP.

When someone requests help from another user via the Remote Assistance tool, the app generates a file named "Invitation.msrcincident."
...
...
Click to expand...
 
  • Like
Reactions: silversurfer, upnorth, Vasudev and 3 others
You must log in or register to reply here.

Similar threads

Gandalf_The_Grey
    • Like
    • +Reputation
Security News Windows: Side-Loading DLL attacks via licensingdiag.exe
Replies
0
Views
1,968
Security News
Gandalf_The_Grey
Gandalf_The_Grey
CyberPanther
    • Like
Security News VULNERABILITIES Possibly Exploited Fortinet Flaw Impacts Many Systems, but No Signs of Mass Attacks
Replies
0
Views
895
Security News
CyberPanther
CyberPanther
Gandalf_The_Grey
    • Wow
    • +Reputation
Security News Over 90,000 LG Smart TVs may be exposed to remote attacks
Replies
1
Views
1,421
Security News
ForgottenSeer 109138
F

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top