Extremely critical vulnerability identified in Microsoft Remote Desktop Services
Microsoft have released a security bulletin regarding a bug identified in Remote Desktop Services on Windows that can allow an attacker to gain access to your systems and data. Just about every recent Windows operating system that has RDP enabled is vulnerable.
This type of exploit will quickly be added to the arsenal of malware authors and hackers, and in theory can be automatically executed across thousands of computers on the internet robotically, so it is extremely important to ensure that your systems are patched appropriately. Even if you do NOT have publically accessible remote desktop servers, we still urge patching because it will not take long for the malware authors to incorporate this exploit into their toolkit, and by infecting one of your PC’s inside your network, they could then go on to compromise your server & data even if it is behind a firewall.
From Microsoft’s site:
This security update resolves a vulnerability in Windows that could allow remote code execution if an attacker sends a specially crafted sequence of packets to a targeted system that has the Remote Desktop Protocol (RDP) server service enabled. By default, the RDP server service is not enabled on any Windows operating system. Systems that do not have the RDP server service enabled are not at risk. To learn more about this vulnerability, see Microsoft Security Bulletin MS15-067.
The affected operating systems are:
- Windows Server 2012 Datacenter
- Windows Server 2012 Standard
- Windows Server 2012 Essentials
- Windows Server 2012 Foundation
- Windows 8 Enterprise
- Windows 8 Pro
- Windows 8
- Windows Server 2008 R2 Service Pack 1
- Windows 7 Service Pack 1
For all of our clients on computerCare, activCare, and serverCare, will have their systems patched over the next few days – servers are due to be patched this evening during the standard maintenance window.
For clients not on the above service plans, we will be in touch with you directly (we may have already by the time you read this) to arrange patching of your systems.
Should you have any queries please do not hesitate to contact us.