The aim of this advisory is to warn Remote Desktop users about the feasibility of invisible man-in-the-middle attacks against Microsoft Terminal Services. This is an update of Erik Forsberg’s advisory released in April 2003 available at the following link: http://www.securityfocus.com/archive/1/317244. In short, mitm attacks on RDP protocol are still possible and they can be completely invisible for Terminal Services users.
This advisory is born after experiments and researches on the following environment:
– Terminal Server software: Microsoft Windows Terminal Services using RDP v5.2
– Terminal Server Client software: Microsoft Remote Desktop for Windows XP v5.1.2600.2180
File (PDF) rdp-gbu.pdfÂ