Date: 1 June 2022, 15:00 (30 min).
The Remote Desktop Protocol (RDP) is a proprietary protocol designed by Microsoft that allows a user to connect to a remote computer over the network with a graphical interface. Although server-side security has often been studied, the security of RDP client applications remains more peripheral. Nevertheless, the richness of the protocol and the breadth of the attack surface make RDP clients valuable fuzzing targets.
This presentation describes how to leverage the WTS API to set up a WinAFL-based fuzzing architecture for Microsoft’s RDP client, and suggests a methodology targeting the Virtual Channels abstraction layer. Across a few channels, such as those dedicated to sound redirection, clipboard, printers or smart cards, several bugs were identified, including two CVEs: an Information Disclosure and a Remote Code Execution.