The Windows Remote Assistance tool, which ships with all the new Windows packages, can be abused by hackers in clever new targeted attacks, researchers have discovered. Nabeel Ahmed, a security researcher based in Belgium, discovered the vulnerability and the potentially dangerous capability of the Windows Remote Assistance tool in February of 2017; it was relayed to Microsoft 8 months later.
A patch, which supposedly prevents this from happening, was deployed as part of the March 2018 patch.
The vulnerability allows a hacker to remotely remove any file they choose from a victim’s computer and upload it to a remote server. All of this is done without the victim being aware that the attack is happening, or that their file, which may very well contain sensitive data, has been removed from their computer. The data exfiltration aspect makes this capability of the tool especially dangerous. There is some relief, however, in the fact that it cannot be exploited on a widespread level, since some social engineering goes into making it work, such as convincing a user to allow a Remote Assistance session.
The hack works when a user invites another user to a Remote Assistance session to help with a problem they have encountered. This allows the ‘helper’ to gain access to their system, which has the potential to result in the aforementioned damage. In the hands of a proficient hacker, this could even result in the loss of a significant amount of data, since the hacker could simply use the access to steal any file of their choosing from the victim’s system.
Microsoft has already shipped patches for users of Windows 7 and later operating systems. On systems running Windows 10, the almost obsolete Remote Assistance application has been replaced with Quick Assist, a newer tool which does not have this capability, since it uses invitation codes instead of files. This allows for safer use of the remote assistance option.