38C3 Lightningtalks

RDP to RCE in 5 minutes
29.12.2024, Stage HUFF
Language: English

This session explores a vulnerability in the RDP client (mstsc.exe) that leverages classic hacking techniques. By exploiting how resources are loaded, attackers can achieve Remote Code Execution (RCE). The issue highlights critical risks across systems. A security patch has been released to address this vulnerability, which is tracked as CVE-2023-24905.


This talk uncovers a vulnerability in the RDP client that stems from classic hacking methods. By exploiting resource-loading behavior, attackers can craft a chain of techniques to manipulate memory and execute malicious code. The session highlights the discovery, the risks involved, and the mitigation efforts, including the release of a security patch to address the issue.