A new critical vulnerability exists in RDS (Remote Desktop Service), and Microsoft released a software patch to fix older versions of Windows. Windows 7, XP, Server 2008 and Server 2003. These devices are all extremely vulnerable and potentially exposed to worm-type attacks.

The vulnerability risk is so great that Microsoft even released updates for platforms no longer supported. No active exploits are known to be being utilized at this point, but diligence in patching systems external facing systems is recommended.

This is a high-level overview of the RDS rick and protection options you can take.

Microsoft Remote Desktop Service Risk: What you need to know

* Extremely dangerous if enabled on Internet facing and poorly segmented hosts

* An unauthenticated attacker connects to a vulnerable system using RDP (also known as Terminal Services) using specially crafted requests.

* This vulnerability is pre-authentication and requires no user interaction

* May result in malicious code being executed on the system with full user rights

* Potentially “wormable” similarly to other ransomware

* Can be used by attackers to move laterally exploit other systems or install backdoors to maintain access even if this gets patched in the future…

* Often used for ease of access or left enabled by default…

Microsoft Remote Desktop Service Risk: Solutions to Remediate

* Patch on supported platforms (including Windows 7, Windows Server 2008 R2, Windows Server 2008, Windows XP, Windows XP Embedded and Windows Server 2003)

* Consider improved host isolation, network segmentation, perimeter firewalls and multiple zones/conduits to reduce exposure

* Use alternative technologies such as VPNs for secure remote access to provide extra layers of protection

Microsoft Remote Desktop Service Risk: Other workarounds

  • Block inbound RDP traffic (TCP 3389)
  • Enable NLA (Network Level Authentication)
  • Disable Remote Desktop Protocol (RDP) services where patching is not possible

Related Resources

Whitepaper

Verve Value Prop

This document outlines how the Verve Security Center (VSC) platform provides far greater insights and coverage for asset awareness and system monitoring through our superior architecture and also includes patch management, configuration management, incident response, and other requirements of the NIST CSF. The following sections walk through the origin and philosophy of Verve and examine how our solution works and offers comparatives to other technology options often seen in the market.

Read the Story
Webinar

Get Ready for CMMC: Improve OT Cyber Maturity in 30 Days

Prepare for CMMC compliance by creating a roadmap that improves OT cybersecurity maturity quickly, demonstrates action for your executives, and provides a long-term strategy for effective risk management.

Read the Story
Blog

ICS Security Achievements in 2020

Looking back at what Verve accomplished for the OT security industry in 2020 and looking ahead to predictions for 2021

Read the Story

Subscribe to stay in the loop

Subscribe now to receive the latest OT cyber security expertise, trends and best practices to protect your industrial systems.