Microsoft has just announced the launch of a set of update patches to correct a critical vulnerability in Remote Desktop services. If exploited, the flaw could quickly spread over the Internet; according to information security services, the vulnerability affects previous versions of Windows, including those that are no longer supported by the company.
The vulnerability is considered critical as it
requires no user interaction or prior authentication. Although this flaw has
not been exploited in the wild, any variant of malware that can exploit it in
the future could spread rapidly through compromised networks in a similar way
to the outbreak of WannaCry
ransomware in 2017.
Given the impact on users of potentially
affected systems, Microsoft decided to launch updates also for Windows versions
that are no longer supported; updates will be available only through the
Microsoft Update catalog, report information security services specialists.
In the security report, Microsoft reports that
patches should be installed in the following versions of Windows:
- Windows
7 - Windows
Server 2008 R2 - Windows
Server 2008 - Windows
Server 2003 - Windows
XP
On the other hand, information security
services firms report that Windows versions that do not require updating are:
- Windows
8 - Windows
10 - Windows
Server from version Server 2012
The specialists emphasize the importance that
the administrators of the exposed systems install the updates as soon as
possible, because although so far the risk exists only at theoretical level,
the vulnerability remains critical and many the users exposed to a potential
exploitation.
As an additional security measure, specialists
from the International Institute of Cyber Security (IICS) recommend disabling
access to Remote Desktop Protocol (RDP) from the Internet if the user does not
really require that it is enabled. If it is necessary to enable this feature,
it is advisable to configure a virtual private network (VPN) with multifactor
authentication. Deploying network-level authentication is also a recommended measure;
however, the user is still required to install the update patches.
