
I have read several sources indicating that RDP may have some vulnerabilities. Without delving into that, is RDP wrapper any more or less secure than the built-in RDP, when it is enabled?

I read several sources, including (see below) 1) this, 2) this, and others. Many mention security issues with RDP Wrapper.
On one hand, I am not certain about possible bias. As an example, anyviewer.com is a site that provides "A safe alternative to RDP wrapper" ("here we recommend AnyViewer")... That is at least an orange light for bias. Likewise, I wouldn't know about ncomputing.
On the other hand, and assuming the technical arguments behind the issues mentioned are correct, they do not mention if those same issues are or are not present with the built-in RDP, when it is not disabled. So this is another route for concealing potential bias against RDP Wrapper.

In the example links:

  1. "RDP Wrapper adds a weakness to the system by opening a gateway". Does the built-in RDP not open a gateway? Is there a complementary way to avoid this?
  2. "It opens a gateway..." Similarly, does the built-in RDP not open a gateway?
    "Windows security update breaks RDP Wrapper" This is a reference to non-specified sources, and it does not specify which updates break RDPW.
    "ServHelper is an example of malware..." It does not clarify, nor does it provide references, on whether using RDPW leaves the system in a state more vulnerable to ServHelper than the built-in RDP.
    My conclusion is that this is a very sloppy description, of possibly relevant information... but I don't know.

Plus:

  1. Project README. I don't see any clear indication of vulnerability issues. I wouldn't expect them to be listed upfront in their own site, anyway.

I.e., is there any known (versus potential) added, or suppressed, vulnerability brought about by RDP Wrapper, that would not be present in a similar (even if not exactly the same) system with the built-in RDP, when it is enabled?
I am using Windows 11, in case the OS is of any relevance for the question.

  • I'm not sure about the comparison with built-in RDP. From my understanding RDP wrapper just makes the built-in RDP usable on systems where it is not enabled due to license restrictions. So the security issues which are already present in the built-in RDP are now exposed to potential attackers. – Steffen Ullrich Sep 02 '22 at 11:47
  • @SteffenUllrich - I am not sure I understand. From what you say, I guess you mean that there are **no differences** in vulnerability between: 1) a system which has a built-in RDP which **is** factory-enabled and operative, and 2) a system which has a built-in RDP which **is not** factory-enabled, but which uses RDP wrapper. I.e., in case 1 all "the security issues which are already present in the built-in RDP" will be equally "exposed to potential attackers" as in case 2. But **nothing more than that** (this is the important part). Is that correct? – sancho.s ReinstateMonicaCellio Sep 02 '22 at 12:41
  • So ... your question is just asking for confirmation of the security issues you already knew about? That's not how your question is phrased. – schroeder Sep 02 '22 at 14:22
  • @schroeder - I don't see it that way... I edited the OP to reflect this exchange, and clear the clutter a little. 1) There were no issues **I knew** about. As I said, the links I read didn't seem *to me* clearly unbiased. 2) The links didn't delve into *the difference* RDP vs. RDP Wrapper. Hopefully this clarifies my point of view. – sancho.s ReinstateMonicaCellio Sep 02 '22 at 14:38
  • So, you knew about them, but questioned the bias of the articles? Did you check their assertions? Adding that prior research would have been just as helpful as your addition that you had read about vulnerabilities in RDP itself ... Are you not clear about what RDP Wrapper does, then? I'm just not getting the sense that you've looked into this. And it doesn't look like you've properly read the articles you linked. – schroeder Sep 02 '22 at 15:03
  • @schroeder - I might have not read *properly* the articles. That might be a consequence of my illiteracy on security. Upon rereading them, I still don't see the answer to the question... and I explained why in the OP and in comment. Perhaps you are assuming I know things I don't know, and which are precisely at the origin of my question. – sancho.s ReinstateMonicaCellio Sep 02 '22 at 16:22
  • I'm not assuming that you know things. I'm asking that you pose a logical question after performing research. If you have done the research, reference it. The articles are not written for technical audiences, so it has nothing to do with illiteracy. What you have *stated* is that you have read these things, but rejected them. Which means you are applying your own logic to what you now admit you didn't understand. This is not a great way to ask the question. – schroeder Sep 02 '22 at 22:45
  • The "gateway" point you raise is already covered by the articles (one quotes the other). So that's already answered for you. "Windows security update breaks RDP Wrapper" -- this is explained ***in depth*** by the project itself. So, honestly, it looks like you are trying to invent confusion to justify the question you could have answered yourself. – schroeder Sep 02 '22 at 22:51

1 Answer


RDP Wrapper replaces a Windows OS DLL file with an alternate DLL in order to enable built-in RDP.

Therefore:

  • whatever vulnerabilities RDP has, you expose when you use RDP Wrapper to enable RDP
  • you expose the device to whatever vulnerabilities this custom DLL might have (note that the program was last updated in 2017)

Might RDP Wrapper fix any RDP vulnerabilities inherent with RDP because it replaces a DLL? No. It doesn't replace the Remote Desktop/Terminal Services DLL.

All this information is found in the links you provided and in the notes for the project itself.

schroeder
  • I edited the OP. I am surely missing something. 1) I am not seeing in the README (and I acknowledge I read it before with less detail than now) a dll that is replaced. Would you mind quoting it? I am only seeing an extra `rdpwrap.dll`. 2) "... whatever vulnerabilities this custom DLL might have..." Agreed 100%, in potential terms. But this doesn't mean there is any so far identified. Whether one is willing to take the risk for that *potential* extra vulnerability is a different topic. So far, I still don't find the question is answered... – sancho.s ReinstateMonicaCellio Sep 02 '22 at 16:19
  • Oh, are you asking if there are known vulnerabilities in the program? You didn't ask for that, and that's off-topic (as the answer to that can change from day to day). The general, applicable principle is that a 5 yr old, unmaintained program introduces both the risk of vulnerabilities and the risk that even if one was found, it would not be fixed. I'm not sure why one would need more than that, even if there were known and named vulnerabilities. This answers your question. – schroeder Sep 02 '22 at 22:41
  • I value the contribution of knowledgeable people like you for the community. But in this case I still disagree... 1) In the boldfaced question I am asking exactly what you say. Do you mean I should have added the word "known" vulnerability, so people don't confuse it with "potential"? I guess that is very evident. 2) "That can change day to day". This argument sort of surprises me. I guess that applies to most answers to any question, if not 100%. – sancho.s ReinstateMonicaCellio Sep 04 '22 at 08:39
  • 3) "The general..." may be an acceptable answer, for an acceptable question. Which, against the lack of knowledge of "specific", "known" vulnerabilities (which for me is the clear target of the question), may help one decide whether to use it, and when. But why think it obliterates any other possible answer from people who may "know" about "specific" cases? I think shutting down an OP on this basis is kind of absolutistic. 4) I still don't see which Windows OS DLL is replaced by RDPW. That is specific info that is useful (even if not answering directly the question). – sancho.s ReinstateMonicaCellio Sep 04 '22 at 08:47
  • If anyone asks "what known vulnerabilities does this have?" It's off-topic because the answer could change with each newly discovered vulnerability. This is a long-standing rule here. It's the same problem with the question "what product/service does X?" They don't "age" well. It's not about being 100% accurate, it's about the changeable nature of the subject. – schroeder Sep 04 '22 at 08:47
  • Well, I cannot contend that rule with the reasoning behind you are quoting. I didn't know it, and I think it is diametrically opposite the objective of this site. You are a mod, so you surely know better. So I might be simply polluting the site, and the OP would be worth closing. Yet, I still see you might be providing incorrect information about a "replaced" DLL (without specifying which), and not clarifying that. – sancho.s ReinstateMonicaCellio Sep 04 '22 at 08:57
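
The thread above disagrees about whether a Windows DLL is replaced or an extra `rdpwrap.dll` is added. As an added example (not part of the original posts and not the project's code), this PowerShell check reports which DLL the Remote Desktop Services service actually loads, whether Windows considers it a signed OS binary, and whether RDP connections are enabled. The registry locations are standard Windows ones, not taken from the page; the function name `Get-TermServiceDllReport` is hypothetical.

```powershell
# Added example: audit the DLL behind the Remote Desktop Services service (TermService).
# Run from an elevated prompt. Function name is hypothetical, not from any project.
function Get-TermServiceDllReport {
    $svcKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\TermService\Parameters'
    $tsKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    # Stock Windows points the service at termsrv.dll in System32.
    $stock  = Join-Path $env:SystemRoot 'System32\termsrv.dll'

    # ServiceDll is REG_EXPAND_SZ; expand again in case it was read unexpanded.
    $raw = (Get-ItemProperty -Path $svcKey -Name ServiceDll -ErrorAction Stop).ServiceDll
    $dll = [Environment]::ExpandEnvironmentVariables($raw)

    # fDenyTSConnections = 0 means incoming RDP connections are allowed.
    $deny = (Get-ItemProperty -Path $tsKey -Name fDenyTSConnections).fDenyTSConnections

    $report = [ordered]@{
        ServiceDll      = $dll
        IsStockPath     = ($dll -ieq $stock)
        RdpEnabled      = ($deny -eq 0)
        ServiceStatus   = (Get-Service -Name TermService).Status
        FileExists      = (Test-Path -LiteralPath $dll)
        SignatureStatus = $null
        Signer          = $null
        IsOSBinary      = $null
        FileVersion     = $null
        LastWriteUtc    = $null
        SHA256          = $null
    }

    if ($report.FileExists) {
        $sig  = Get-AuthenticodeSignature -LiteralPath $dll
        $file = Get-Item -LiteralPath $dll
        $report.SignatureStatus = $sig.Status
        $report.Signer          = $sig.SignerCertificate.Subject
        $report.IsOSBinary      = $sig.IsOSBinary
        $report.FileVersion     = $file.VersionInfo.FileVersion
        $report.LastWriteUtc    = $file.LastWriteTimeUtc
        $report.SHA256          = (Get-FileHash -LiteralPath $dll -Algorithm SHA256).Hash
    }
    [pscustomobject]$report
}

Get-TermServiceDllReport | Format-List
```

A result with `IsStockPath` false, or a DLL that is unsigned or not an OS binary, means the service is loading code outside the Windows update and signing chain, which is the extra exposure the answer describes.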