UPDATE NOW! Critical, remote, "wormable" Windows vulnerability – Naked Security




Microsoft has published a fix for a vulnerability in its Remote Desktop Services that can be exploited remotely, via RDP, without authentication, and used to execute arbitrary code:

There is a remote code execution vulnerability in Remote Desktop Services (formerly Terminal Services) when an unauthenticated attacker connects to the target system by using RDP and sends specially crafted queries. This vulnerability is pre-authentication and does not require any interaction from the user. An attacker who successfully exploited this vulnerability could execute arbitrary code on the target system. An attacker could then install programs; view, edit, or delete data; or create new accounts with full user rights.

It's worse than that.

Fixes are included for versions of Windows 7 and Windows 2008 (see the security advisory for the full list) as part of Microsoft's latest Patch Tuesday. Fixes are also available for versions of Windows XP and Windows 2003 (see the customer guidance for the complete list).

The flaw is considered "wormable", which means that it has the potential to be used in malware that spreads within and between networks. Millions of computer networks around the world have RDP exposed to the Internet, often deliberately, sometimes not, and any of them running one of the affected operating systems is a potential gateway into a victim's network.

Given the number of targets and the potential for explosive, exponential propagation, we suggest you treat it as a matter of when, not if, the fix is reverse engineered and an exploit created, so you should update immediately. For more information, see the What to do? section of this article.

The fact that Microsoft has taken the exceptional step of publishing patches for Windows XP and Windows 2003 is instructive.

Given the potential impact on customers and their businesses, we decided to make security updates available for platforms that are no longer part of standard support. We recommend that customers running one of these operating systems download and install the update as soon as possible.

In the five years since Windows XP and 2003 reached end of life, Microsoft has released numerous fixes for critical issues in its family of operating systems that it did not make available for its retired products. It has broken that embargo only four times, including this one, most notably during the WannaCry outbreak in 2017.

WannaCry is a ransomware worm that spread around the world in one day by exploiting a flaw in Microsoft's SMB (Server Message Block) version 1 software. The worm had no trouble finding hundreds of thousands of Windows systems to infect, despite the age of the software and a patch released the previous month.

As if to demonstrate our continued collective failure to learn the importance of patching, WannaCry was followed a little over a month later by NotPetya, another global ransomware outbreak using the same exploit.