Fuzzing [BlackHat Asia 2024] A Glimpse Into The Protocol: Fuzz Windows RDP Client For Fun And Profit

[weaver]

Description

At the end of June 2023, we decided to conduct vulnerability research on the Windows RDP client. Initially, we read some publicly available blogs and modified two open-source Windows RDP fuzzing projects. During this process, we successfully identified an old Windows RDP client vulnerability but did not discover any new vulnerabilities.

Just when we were hesitating, we studied Yuki Chen's presentation slides at Blackhat USA 2023. Subsequently, we decided to incorporate race conditions into the vulnerability research of the Windows RDP protocol, leading us to eventually uncover several remote code execution vulnerabilities in Windows RDP client.

This presentation will share the entire process of our Windows RDP client vulnerability research: why we chose Windows RDP as the target, how we collect public information to initiate research, how we modified open-source fuzzing tools to improve them, and how we overcame challenges to discover several remote code execution vulnerabilities in Windows RDP clients. We will also share details of the discovered Windows RDP client vulnerabilities.

At the end of this presentation, we will integrate the experiences mentioned above and give some recommendations for Windows RDP vulnerability defence.

blackhat.com/asia-24/briefings/schedule/#a-glimpse-into-the-protocol-fuzz-windows-rdp-client-for-fun-and-profit-37629

slides
i.blackhat.com/Asia-24/Asia-24-Shi-A-Glimpse-Into-The-Protocol.pdf