Remote Keyboard Desktop RCE

CRITICAL (9.8) No Patch (13 days)

Threat Intelligence

Low Risk
EPSS Score: 0.46% chance of exploitation (percentile: 63%)
🔍 Detection Tools: None available in major open-source tools
⚔️ Exploit Availability: No public exploits found

What is it?

Remote Keyboard Desktop is a remote desktop application that allows users to access and control their computers from another device. This vulnerability allows unauthenticated attackers to execute system commands via a rundll32.exe exported function, resulting in unauthenticated code execution.

Am I affected?

You're affected if you use Remote Keyboard Desktop version 1.0.1. Check with: dir /b remotekbd.exe (for Windows) or find . -name remotekbd (for Linux/Mac). Both commands only look for the file starting from the current directory and confirm that it is present; they do not report its version. Note that this vulnerability is specific to the Remote Keyboard Desktop application and is not related to other remote desktop software.
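The version check described above can be scripted on Windows. The following PowerShell is an added example, not code from this page or from the vendor: it finds remotekbd.exe and compares its version resource with the versions named here (1.0.1 affected, 1.0.2 fixed). The search roots, the function name Get-RemoteKbdStatus, and the assumption that the file's version resource matches the product version are all assumptions of the example.

```powershell
# Added example: locate remotekbd.exe and classify each copy by version.
# Assumption: the executable's version resource reflects the product version.
$FixedVersion = [version]'1.0.2'   # first fixed version named on this page

# Assumed install locations; extend with any custom paths used in your estate.
$DefaultRoots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}, $env:LOCALAPPDATA) |
    Where-Object { $_ -and (Test-Path $_) }

function Get-RemoteKbdStatus {
    param([string[]]$SearchRoot = $DefaultRoots)

    Get-ChildItem -Path $SearchRoot -Filter 'remotekbd.exe' -Recurse -File `
                  -ErrorAction SilentlyContinue |
    ForEach-Object {
        $raw = $_.VersionInfo.ProductVersion
        if (-not $raw) { $raw = $_.VersionInfo.FileVersion }

        # Normalise "1, 0, 1, 0" style strings and drop any trailing suffix.
        $clean  = ($raw -replace ',\s*', '.') -replace '[^\d.].*$', ''
        $parsed = $null

        $status = if ($clean -and [version]::TryParse($clean, [ref]$parsed)) {
            if ($parsed.Major -eq 1 -and $parsed.Minor -eq 0 -and $parsed.Build -eq 1) {
                'AFFECTED (1.0.1)'
            } elseif ($parsed -ge $FixedVersion) {
                'Fixed (1.0.2 or later)'
            } else {
                # The page lists only 1.0.1 as affected; older builds need review.
                'REVIEW (older than 1.0.1, not listed)'
            }
        } else {
            'UNKNOWN (no readable version resource)'
        }

        [pscustomobject]@{
            Path    = $_.FullName
            Version = $raw
            Status  = $status
        }
    }
}

Get-RemoteKbdStatus | Format-Table -AutoSize
```

An empty result means no copy was found under the searched roots, not that the host is clean; pass additional directories with -SearchRoot to widen the search.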

Affected Products

Microsoft / Remote Keyboard Desktop

How to fix

Upgrade to version 1.0.2 or later from the official website: https://remotekbd.com/download/

Immediate mitigations:
- Restrict network access to your Remote Keyboard Desktop instance (firewall it from the public internet)
- Audit admin account activity for suspicious access patterns
- Monitor for unauthorized token creation