Let us know your thoughts in the comments.Interested in learning about remote desktop security ? Since the patches are out with the latest releases, users must ensure updating their systems with the newest client versions. Consequently, the respective vendors started developing and releasing fixes to address the matter. Patches Releasedįollowing this discovery, the researchers reached out to Eltima, Amazon, and other vulnerable entities. This includes gaining access to unpatched machines and spreading laterally on the target network. In the case of organizations, such attacks could have even more devastating consequences. Since it also involves remote desktops, exploiting the bugs would also affect remote systems. Exploiting the bugs could allow privilege escalation, ultimately allowing an attacker to meddle with the target system, disable security programs, overwrite system components, and more. The same product, with some modifications, is used by Amazon WorkSpaces to enable its users to redirect USB devices to their remote desktop, allowing them to connect devices such as USB webcams to Zoom calls directly from the remote desktop.Īs elaborated in their report, these vulnerabilities affect cloud service consumers as well. Eltima develops a product called “USB Over Ethernet”, which enables remote USB redirection. The WSP protocol consists of several libraries, some of which are provided by 3rd parties. Regarding how Workspaces utilize Eltima SDK, the researchers explained, However, the researchers only validated their findings for AWS Workspaces. Consequently, the vulnerable providers include Amazon Workspaces, NoMachine, Accops, and others. The vulnerabilities specifically originated from a specific library that many cloud providers use. These flaws typically existed in the Eltima SDK providing USB over ethernet capability to many cloud services. Researchers from Sentinel Labs found multiple security flaws affecting cloud services. These include the popular Amazon (AWS) Workspaces, NoMachine, and more.
Multiple security flaws affected USB over Ethernet, which, in turn, affected numerous cloud services.
0 kommentar(er)
