Windows RDS Vulnerability

In May, Microsoft released a patch that rectifies over 70 vulnerabilities. Perhaps most importantly, it resolves an issue whereby malware can exploit systems and devices running Remote Desktop Services (RDS), formerly known as Terminal Services. This is being treated as one of the biggest threats in recent years, but it has not made it into mainstream media, so many people are unaware of it.

The vulnerability could give an opportunist hacker easy access to infiltrate a system undetected by the user. The attack is carried out through bespoke requests directed at the server's RDS using the Remote Desktop Protocol (RDP).

Interestingly, Microsoft has released patches for older systems such as XP and Server 2003, which are no longer updated or supported by Microsoft. The patch also fixes the issue in newer operating systems such as Windows 7 and Server 2008, which still have relatively large user bases despite their end of life rapidly approaching in 2020.

The risk to business users globally is significant, particularly in the industrial sectors, as RDS is used heavily for remote access, allowing personnel to use a variety of control systems. This sector is also more likely to be running older operating systems that are no longer monitored or patched as frequently as newer Microsoft OS iterations.

This is not the first occasion such an exploit has been found. As recently as 2017, the WannaCry ransomware targeted EternalBlue, the cyber-attack exploit used by the National Security Agency (NSA) in the US.

Those running Windows Server 2012 or above, and similarly Windows 8 or above, need not worry, as these newer operating systems are already protected from the exploit.

Since the initial release of the CVE, a number of proofs of concept have been developed by security researchers. These show how the vulnerability can be exploited and demonstrate its severity, particularly given how many servers expose RDP publicly.
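A host-level check for the conditions described above, as an added example (not code from Microsoft or from this blog): it reports whether the OS falls in the affected range the post gives (anything older than Windows 8 / Server 2012), whether RDS is accepting connections, and whether a given fix is installed. The `-PatchKb` parameter is an assumption: the post lists no KB numbers, so take them from Microsoft's advisory for your OS.

```powershell
# Added example: local exposure check for the RDS issue described in the post.
# Assumes Windows PowerShell 2.0 or later, run as administrator on the host.
param(
    # KB IDs of the May 2019 fix for this OS, taken from Microsoft's advisory.
    # The post does not list them, so none are assumed here.
    [string[]]$PatchKb = @()
)

$os  = Get-WmiObject -Class Win32_OperatingSystem
$ver = [version]$os.Version

# Per the post: Windows 8 / Server 2012 (NT 6.2) and later are not affected.
$inAffectedRange = $ver -lt [version]'6.2'

$tsKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$tcpKey = "$tsKey\WinStations\RDP-Tcp"

# fDenyTSConnections = 0 means incoming Remote Desktop connections are allowed.
$rdpEnabled = (Get-ItemProperty -Path $tsKey).fDenyTSConnections -eq 0
$rdpPort    = (Get-ItemProperty -Path $tcpKey).PortNumber

$svc = Get-Service -Name TermService -ErrorAction SilentlyContinue
$serviceRunning = $svc -and $svc.Status -eq 'Running'

# A later rollup that supersedes these KBs will not match by ID,
# so a miss means "not confirmed", not "definitely unpatched".
$patchConfirmed = $false
if ($PatchKb.Count -gt 0) {
    $hit = Get-HotFix | Where-Object { $PatchKb -contains $_.HotFixID }
    $patchConfirmed = [bool]$hit
}

if (-not $inAffectedRange)                { $verdict = 'OS outside the affected range' }
elseif ($patchConfirmed)                  { $verdict = 'Affected OS, fix installed' }
elseif ($rdpEnabled -and $serviceRunning) { $verdict = 'AT RISK: affected OS, RDS accepting connections, fix not confirmed' }
else                                      { $verdict = 'Affected OS, RDS not accepting connections; patch anyway' }

New-Object PSObject -Property @{
    Computer        = $env:COMPUTERNAME
    OS              = $os.Caption
    Version         = $os.Version
    InAffectedRange = $inAffectedRange
    RdpEnabled      = $rdpEnabled
    RdpPort         = $rdpPort
    ServiceRunning  = $serviceRunning
    PatchConfirmed  = $patchConfirmed
    Verdict         = $verdict
}
```

Any host reported as at risk that is also reachable from the internet on the listed port belongs at the top of the patching queue.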

Please find the link to the patch below:

For more information on the above, or for advice if you are unsure if you are adequately protected against the exploit, then please contact us via telephone on (01622) 524200.

By on May 29th, 2019