Microsoft RDS Arbitrary Remote Command Execution

OWASP 2013-A1 OWASP 2017-A1 OWASP PC-C5 WASC-31 CWE-94

Microsoft RDS is Microsoft’s Remote Desktop Service that was introduced for implementing virtualisation for user end. The features of Microsoft’s RDS include deployment flexibility, cost efficiency and extensibility. There are many servers that use older versions of MDAC (Microsoft Data Access Components) that had a vulnerability that allowed an attacker to execute malicious commands on the server with unauthorised administrator access. This vulnerability exposes /msadc/msadcs.dll using VbBusObj or AdvancedDataFactory to insert shell commands into the Microsoft Access Database, ODBC/JET Data Source Name (DSN) and MSSQL. Updating the MDAC version will fix the issue. But if an attacker gets hold of msadcs.dll, he can perform remote command execution (But, not through RDS).

Impact

Using this vulnerability, an attacker can:-

  • gain unauthorised access to the server.
  • perform data breach
  • read, update and delete arbitrary data/tables from the database
  • Execute commands on the underlying operating system

Mitigation / Precaution

Beagle recommends the following impacts:-

  • Make sure to update MDAC to the latest version.

Latest Articles