Microsoft announces vulnerability in Remote Desktop Services

We live in a time when vulnerabilities in the systems we use are increasingly leveraged against us for the illegal benefit of others.

The time-tested mantra of “no system is 100 percent secure” continues to echo in the minds of global users, but that doesn’t mean we’re helpless to defend our networks from the threats of the world. Even though hackers are a clever bunch, we should remain vigilant in our efforts to thwart the next compromise no matter how big or small it may be. If we all agree to be proactive in fortifying our defences, and we actually do so, then we are fulfilling our promise of delivering more secure and reliable services.

On May 14, Microsoft disclosed a significant vulnerability in its Remote Desktop Services. The vulnerability affects operating systems as far back as Windows XP and Server 2003, and Microsoft considers it serious enough to have released patches for these unsupported operating systems through its Update Catalog. In addition to XP and Server 2003, Windows 7 and Server 2008 are also vulnerable. Fortunately, Windows 8 and Windows 10 are safe.

According to a Microsoft blog post, “this vulnerability is pre-authentication and requires no user interaction”, making it “wormable”: malicious code could travel rapidly from one vulnerable computer to the next. It is also very likely that threat actors will write exploitation code to produce an outbreak similar to the now infamous 2017 WannaCry attack, whose vulnerability and exploit code were in the wild months before the outbreak occurred.

Microsoft published security guidance for CVE-2019-0708, titled “Remote Desktop Services Remote Code Execution Vulnerability”, which documents the details and links to the essential patches. Unfortunately, this is a manual update process for any out-of-support Windows XP and Server 2003 devices.

This type of development is why we need to reaffirm the importance of migrating devices to Windows 10 or Server 2019 if you are still only considering it. Being able to mitigate a threat before it disrupts your business is very important for any business owner.

Now is the time to get ahead of the threat and prevent a repeat of WannaCry. If we are truly delivering on the promise to provide a more secure and reliable service, then all Windows XP, Windows 7, Server 2003 and Server 2008 devices in your business should receive these important updates right now.
