Windows Remote Assistance Tool Can Be Used for Targeted Attacks

Faybert

Level 24
Thread author
Verified
Top Poster
Well-known
Jan 8, 2017
1,318
The Windows Remote Assistance tool that ships with all Windows distributions can be can be abused for clever hacks in targeted attacks.

Belgian security researcher Nabeel Ahmed discovered a vulnerability in this tool in February last year and reported it to Microsoft in October. A patch for the issue —tracked as CVE-2018-0878— was included with the March 2018 Patch Tuesday, released last week.
Vulnerability ideal for data exfiltration
The vulnerability allows an attacker to extract any file from a victim's computer without the target's knowledge and upload it to a remote server.

Because of this, the vulnerability is perfect for data exfiltration and can be used to sneakily steal any file from a victim's computer.
....
....
How the hack works
To understand how this vulnerability/hack works, users must first know how Windows Remote Assistance tool works.

As the name implies, this is a remote help tool, similar to TeamViewer, only it's made by Microsoft and bundled with all Windows versions since XP.

When someone requests help from another user via the Remote Assistance tool, the app generates a file named "Invitation.msrcincident."
...
...
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top