Microsoft Patches Major Remote Access Security Hole

It’s Bad Enough, Microsoft Issued Patches for Legacy Systems

Microsoft has recently released a critical update addressing a significant security hole in its Remote Desktop Services. The flaw affects multiple Windows versions, leaving Microsoft with no choice but to offer patches for all affected operating systems, including legacy systems. Since patches are rarely issued for legacy operating systems, users should take this as a sign of how significant the issue is.

The operating systems believed to be affected include Windows Server 2003 and XP, as well as Windows 7, 2008 R2, and 2008 for PCs. The downloadable patch for in-support systems can be found in the Microsoft Security Update Guide; for out-of-support systems, it is in KB4500705.

The Herjavec Group has sent out a Threat Advisory email, stating,

It is critical that organizations apply the patch as soon as possible because this vulnerability is “wormable”, meaning it is pre-authentication and requires no user interaction. An exploit for this weakness could be used to create malware that would spread similarly to WannaCry and other recent worms.

If users are not able to apply the necessary patches, other controls to mitigate risk exposure include:

  • Enabling Network Level Authentication (NLA) for Windows 7 and Windows Server 2008 (and 2008 R2) systems (preventing the spread of malware leveraging this vulnerability)
  • Blocking TCP port 3389 at the border (preventing unauthorized requests or access from the Internet)
  • Disabling Remote Desktop Services (only if not required)
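To check where a host stands against the list above, a read-only audit along these lines can be run locally. It is an added example, not part of the article or the Herjavec advisory. It reads the standard Windows registry values for Remote Desktop and NLA; the border block on TCP 3389 has to be verified at the firewall, so the script only reports the port the host listens on.

```powershell
# Added example: read-only audit of the RDP mitigations listed above.
# Uses only PowerShell 2.0 features so it runs on stock Windows 7 / Server 2008 R2.
$ts     = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdpTcp = "$ts\WinStations\RDP-Tcp"
$policy = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'

function Get-RegValue([string]$Path, [string]$Name) {
    # Return $null when the key or value is absent instead of throwing.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($item) { $item.$Name }
}

function Get-EffectiveValue([string]$Name, [string]$LocalPath) {
    # A Group Policy value, when present, overrides the local setting.
    $fromPolicy = Get-RegValue $policy $Name
    if ($null -ne $fromPolicy) { return $fromPolicy }
    Get-RegValue $LocalPath $Name
}

$deny = Get-EffectiveValue 'fDenyTSConnections' $ts      # 1 = RDP connections refused
$nla  = Get-EffectiveValue 'UserAuthentication' $rdpTcp  # 1 = NLA required
$port = Get-RegValue $rdpTcp 'PortNumber'                # 3389 unless changed
$svc  = Get-Service -Name TermService -ErrorAction SilentlyContinue

# A missing fDenyTSConnections value is treated as "enabled" so the audit errs
# on the side of reporting exposure.
$rdpEnabled  = ($deny -ne 1)
$nlaRequired = ($nla -eq 1)
$svcState    = if ($svc) { [string]$svc.Status } else { 'NotFound' }

$finding = if (-not $rdpEnabled) {
    'RDP connections disabled'
} elseif ($nlaRequired) {
    'RDP enabled, NLA required (mitigation only; apply the patch)'
} else {
    'RDP enabled WITHOUT NLA: patch, enable NLA, or disable RDP'
}

New-Object PSObject -Property @{
    Computer = $env:COMPUTERNAME; RdpEnabled = $rdpEnabled; NlaRequired = $nlaRequired
    ListenPort = $port; TermService = $svcState; Finding = $finding
} | Select-Object Computer, RdpEnabled, NlaRequired, ListenPort, TermService, Finding

# Remediation (run elevated), shown commented out so the script stays read-only:
#   Set-ItemProperty $rdpTcp UserAuthentication 1    # require NLA
#   Set-ItemProperty $ts fDenyTSConnections 1        # refuse RDP connections
```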

To date, researchers have not been able to find any malware campaigns exploiting this vulnerability. However, that is not to say it won’t be done. Now that this is public information, it is almost guaranteed hackers will begin exploiting this weakness sooner rather than later.
