Unintended File Downloads in Remote Desktop Environments: A Security Vulnerability

Remote Desktop Protocol (RDP) is a key technology that makes remote work and collaboration easier by enabling smooth access to remote systems and applications. However, current testing has revealed a worrying security flaw that could compromise users’ data integrity and system security in some versions of the Remote Desktop Application.

An unexpected behavior that arose during a routine lab experiment involving DLL injection via Microsoft Remote Desktop Protocol (RDP) raised concerns about possible security risks related to remote desktop environments.

After using the Remote Desktop Application Version 10.2 to inject a particular DLL into a process running on the remote computer, an unanticipated outcome appeared. Even though there are no file sharing settings set up between the local and remote computers, a file (calc. exe) was downloaded to the local computer automatically. This behavior presents a serious security risk because it downloads files to the local computer automatically without user input or explicit file sharing configuration. Such activities put sensitive data and system integrity at risk of accidental data transfer or the local system being infected by malicious code.

Extensive experimentation and validation verified that this behavior remained consistent throughout several tries. Before the process of DLL injection.