Microsoft RDS Arbitrary Remote Command Execution

By
Manieendar Mohan
Published on
02 Jul 2018
Vulnerability

Microsoft RDS is Microsoft’s Remote Desktop Service that was introduced for implementing virtualisation for user end. The features of Microsoft’s RDS include deployment flexibility, cost efficiency and extensibility. There are many servers that use older versions of MDAC (Microsoft Data Access Components) that had a vulnerability that allowed an attacker to execute malicious commands on the server with unauthorised administrator access. This vulnerability exposes /msadc/msadcs.dll using VbBusObj or AdvancedDataFactory to insert shell commands into the Microsoft Access Database, ODBC/JET Data Source Name (DSN) and MSSQL. Updating the MDAC version will fix the issue. But if an attacker gets hold of msadcs.dll, he can perform remote command execution (But, not through RDS).

Impact

Using this vulnerability, an attacker can:-

  • gain unauthorised access to the server.
  • perform data breach
  • read, update and delete arbitrary data/tables from the database
  • Execute commands on the underlying operating system

Mitigation / Precaution

Beagle recommends the following impacts:-

  • Make sure to update MDAC to the latest version.
Automated human-like penetration testing for your web apps & APIs
Teams using Beagle Security are set up in minutes, embrace release-based CI/CD security testing and save up to 65% with timely remediation of vulnerabilities. Sign up for a free account to see what it can do for you.

Written by
Manieendar Mohan
Manieendar Mohan
Cyber Security Lead Engineer
Experience the Beagle Security platform
Unlock one full penetration test and all Advanced plan features free for 10 days
Find surface-level website security issues in under a minute
Free website security assessment
Experience the power of automated penetration testing & contextual reporting.