Canadian TV, Computing and Home Theatre Forums banner

False Remote Assistance invitation?

3K views 5 replies 3 participants last post by  ScaryBob 
#1 ·
An odd thing happened yesterday. I received a Remote Assistance invitation from a colleague and he received one from me. What is odd is that he did not send it. Nor did I send one. In the past we have both sent and received invitations to each other.

I checked the IPs in the email header and it came from his computer through the expected channels. I realize that he could have a virus but the fact that we both sent invitations to each other within minutes seems odd.

I checked the IP listed in Invitation.msrcincident and it appears to be a LAN IP as it starts with a 10. Even if I click on it it was not going to connect to anything.

Anyone have any ideas? I suspect it is a glitch in the Remote Assistance service where any unsent invitations are automatically send after a set time. Sort of like re-dial. We had been testing the functionality a few months back. In fact, I have an expired invitation in the queue right now. It expired May 8th. That must be it.
 
#4 ·
Apparently there was an issue Microsoft warns: Expect exploits for critical Windows worm hole.

From the bulletin:

A remote code execution vulnerability exists in the way that the Remote Desktop Protocol accesses an object in memory that has been improperly initialized or has been deleted. An attacker who successfully exploited this vulnerability could run abitrary code on the target system. An attacker could then install programs; view,change, or delete data; or create new accounts with full user rights.

The vulnerability, which affects all versions of Windows, was privately reported to Microsoft's via the ZDI vulnerability broker service and the company said it was not yet aware of any attacks in the wild.

Although RDP is disabled by default, Microsoft is urging all Window users to treat this issue with the utmost priority.

"Due to the attractiveness of this vulnerability to attackers, we anticipate that an exploit for code execution will be developed in the next 30 days,"

There was a flurry of patches... probably not what happened in your case but perhaps worth checking out.

http://www.zdnet.com/blog/security/...exploits-for-critical-windows-worm-hole/10745
 
This is an older thread, you may not receive a response, and could be reviving an old thread. Please consider creating a new thread.
Top