This month Microsoft have released an update for Windows Remote Desktop to patch a significant vulnerability – the vulnerability allows an attacker to remotely run code on any unpatched machine without any need to log in.

Vulnerabilities

• Windows Server 2003
• Windows Server 2008
• Windows Server 2008 R2
• Windows XP
• Windows 7

Implications

An attacker who successfully exploits this vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights.

Given how prevalent remote desktop is, it is highly likely that self propagating malware worms will be released by attackers over the internet directly and as email or webpage based attacks.

This vulnerability has the potential to be weaponized and deployed quickly and is already being compared to Wannacry though at this point this is presumptive / sensationalism, but the danger is very real and hence this out of band communication about the risk. Microsoft have considered this to be such a level of risk that they have created patches for the long unsupported Windows XP / Server 2003.

Recommendations

We recommend deploying the patch to all relevant machines asap, please bear in mind any legacy devices such as point-of-sale, kiosk, building / door control systems. Customers with vulnerability management with us will be notified of any at risk machines.

If you have any questions please feel free to get in touch.

You can see the full Microsoft blog post HERE