I performed an OpenVAS scan on a Windows Server 2008 R2 and got a report for a high threat level vulnerability called "Microsoft RDP Server Private Key Information Disclosure Vulnerability". A remote attacker could perform a man-in-the-middle attack to gain access to an RDP session.
Affected software is Microsoft RDP 5.2 and below.
My server uses RDP 7.1; is this alarm a false alarm?
The Security Advisor pages say: Solution Status Unpatched, No remedy…
It was fixed in 5.3 (actually 6.0, since there wasn't a 5.3, but the vulnerability tests look for 5.3), so if you have 7.1 then it does not apply to your system.
Unfortunately it doesn’t appear to be possible to detect the exact RDP version remotely, as the RDP server returns the same version number for anything 5.0 and higher. This vulnerability, then, would always be reported if an RDP server is present on the target host.
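Since the scanner cannot see the real version from the network, the practical way to triage this finding is to check the server itself. The following PowerShell is an added example, not part of the question or answer above: it reads the RDP-Tcp listener settings from the registry and reports whether the listener is restricted to the TLS security layer with Network Level Authentication, or whether it can still fall back to the legacy "RDP Security Layer", which is the mode that relies on the Terminal Services key this man-in-the-middle finding concerns. It also prints the file version of termsrv.dll as a local record of which Terminal Services build is installed. The registry path and value names are the standard ones for the RDP-Tcp listener; the recommended values in the warning text are my own suggestion, not taken from the page.

```powershell
# Added example (not from the original question or answer): run locally on the
# server, since the RDP version and security layer cannot be determined remotely.
$rdpTcp = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
$cfg = Get-ItemProperty -Path $rdpTcp

# SecurityLayer      : 0 = RDP Security Layer, 1 = Negotiate, 2 = SSL/TLS only
# UserAuthentication : 1 = Network Level Authentication required
# MinEncryptionLevel : 1 = Low, 2 = Client Compatible, 3 = High, 4 = FIPS
$securityLayer = [int]$cfg.SecurityLayer
$nla           = [int]$cfg.UserAuthentication
$encLevel      = [int]$cfg.MinEncryptionLevel

# Which Terminal Services build is actually installed (what the scanner cannot see)
$termsrv = Get-Item "$env:windir\System32\termsrv.dll"
Write-Output ("termsrv.dll version: {0}" -f $termsrv.VersionInfo.FileVersion)

$layerName = @{0 = 'RDP Security Layer'; 1 = 'Negotiate'; 2 = 'SSL/TLS'}[$securityLayer]
Write-Output ("SecurityLayer      : {0} ({1})" -f $securityLayer, $layerName)
Write-Output ("NLA required       : {0}" -f ($nla -eq 1))
Write-Output ("MinEncryptionLevel : {0}" -f $encLevel)

if ($securityLayer -eq 2 -and $nla -eq 1) {
    Write-Output 'OK: listener accepts only TLS-protected, NLA-authenticated connections.'
} else {
    # With 0 or 1 a client that offers only classic RDP security is still accepted,
    # so the legacy key exchange the finding describes remains reachable.
    Write-Warning ('Listener can fall back to the legacy RDP security layer; ' +
        'consider SecurityLayer=2 and UserAuthentication=1 via Remote Desktop ' +
        'Session Host Configuration or Group Policy.')
}
```

If the output shows SecurityLayer 2 with NLA required, the listener no longer uses the legacy RDP key exchange at all, which is a stronger basis for closing the finding than the version number alone; with Negotiate (1) the server will still accept the older mode from clients that do not offer TLS.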
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.