Symposium sur la sécurité des technologies de l'information et des communications

French-language conference on the topic of information security.
It took place in Rennes from 1 to 3 June 2022.

Fuzzing Microsoft's RDP Client using Virtual Channels

Valentino Ricotta


Date: 1 June 2022 at 15:00 (30 min).

The Remote Desktop Protocol (RDP) is a proprietary protocol designed by Microsoft that allows a user to connect to a remote computer over the network with a graphical interface. Though server-side security has often been studied, the security of RDP client applications has received less attention. Yet the richness of the protocol and the breadth of the attack surface make RDP clients valuable fuzzing targets.

This presentation describes how to leverage the WTS API to set up a fuzzing architecture for Microsoft’s RDP client based on WinAFL, and suggests a methodology targeting the Virtual Channels abstraction layer. Across a few channels, such as those dedicated to sound redirection, clipboard, printers or smart cards, several bugs were identified, including two CVEs: an Information Disclosure and a Remote Code Execution.