Service:
vmrdp
Protocol:
TCPPort:
2179Used for:
Port 2179 (TCP) is used by Microsoft Hyper-V to support RemoteFX and Remote Desktop Virtualization Host (RDVH) features for enhanced virtual desktop experiences.Why It’s Open
Port 2179 is used by Microsoft’s Remote Desktop Virtualization Host (RDVH) and Hyper-V RemoteFX features. This port enables communication between the Hyper-V host and virtual machines, particularly for enhanced graphical performance and redirection features over RemoteFX.
Common Risks
While port 2179 is used for legitimate virtualization features, exposing it to untrusted networks—especially the internet—can present serious risks:
- Unauthorized Remote Access
Improperly secured or misconfigured RDVH instances can allow attackers to interact with virtual machines. - Privilege Escalation via Hyper-V Interfaces
Older or unpatched versions of Hyper-V and RemoteFX may allow privilege escalation or VM escape. - Exploitation of RemoteFX Vulnerabilities
RemoteFX has a history of critical vulnerabilities and was deprecated due to security concerns. - Information Disclosure
Misconfigured systems may leak VM metadata or configuration details during RDP negotiation over port 2179.
Want to save time on reporting?
Let PentestPad generate, track, and export your reports - automatically.
Enumeration & Testing
Check if it’s open
nmap -sT -p 2179Check for service banner:
nmap -sV -p 2179Scan for RDP/RemoteFX support:
rdpscanNote: Port 2179 is not used for standard RDP (which is 3389), but supports RDP extensions used by Hyper-V.
What to Look For
| Checkpoint | What it means |
|---|---|
| Port 2179 open externally | Hyper-V remote desktop feature exposed to the internet |
| RemoteFX enabled | Legacy feature with multiple known security flaws |
| Outdated Hyper-V or RDVH | Potential exposure to privilege escalation or RCE |
| No access controls in place | Any user may initiate a connection to the host |
Mitigation
- Restrict Access to Port 2179
Block access from external/untrusted IPs via firewall rules or network ACLs. - Disable RemoteFX
RemoteFX has been deprecated by Microsoft due to severe vulnerabilities—disable it unless absolutely necessary. - Apply All Hyper-V & Windows Patches
Ensure Hyper-V and associated services are fully updated. - Use Network Segmentation
Place Hyper-V management interfaces on isolated VLANs or management networks. - Audit RDP Settings
Review RDP session broker and RDVH configurations for exposure or misconfigurations.
Known CVEs and Exploits
- CVE-2020-1036 – RemoteFX vGPU remote code execution vulnerability.
- CVE-2020-1043 – RemoteFX vGPU elevation of privilege in Hyper-V.
- CVE-2021-34535 – Windows RDP service memory corruption (affecting extended RDP services like RemoteFX).
- Microsoft advisory deprecating RemoteFX