Remote Desktop Services (RDP) Remote Code Execution Vulnerability
Last updated: 16/5/19 16:00
Integrity360 is actively monitoring a vulnerability affecting Remote Desktop Services that Microsoft has disclosed. The vulnerability allows remote code execution and has the potential to be exploited by new types of malware attacks similar to WannaCry.
The vulnerability exists in the way that the RDP service handles incoming requests. An attacker can send a malicious request to the RDP service and, due to improperly sanitised request handling, the target will execute the malicious code injected into the request.
An unauthenticated attacker targeting vulnerable systems with Remote Desktop Protocol enabled could exploit this flaw to gain remote code-execution.
Integrity360 recommends that clients implement the required updates for the May patch cycle in line with the existing patching schedule. The update addresses the vulnerability by correcting how Remote Desktop Services handles connection requests.
Microsoft also recommends the following two actions:
- Enable Network Level Authentication (NLA) on systems running supported editions of Windows 7, Windows Server 2008, and Windows Server 2008 R2
- Block TCP port 3389 at the enterprise perimeter firewall
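One way to check the first recommendation on a host, as an added example that is not from Integrity360 or Microsoft: the script reports whether RDP is enabled, whether NLA is required and which port the listener uses, and turns NLA on only when run with `-Enable`. The function names `Get-RdpNlaStatus` and `Enable-RdpNla` are hypothetical; the registry values and the `Win32_TSGeneralSetting` WMI class are the standard Windows ones.

```powershell
# Added example. Run locally from an elevated prompt; PowerShell 2.0 compatible
# so it works on Windows 7 and Windows Server 2008 R2.
param([switch]$Enable)   # pass -Enable to turn NLA on when it is found off

function Get-RdpNlaStatus {
    $ts  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    $tcp = Join-Path $ts 'WinStations\RDP-Tcp'

    # fDenyTSConnections = 0 means RDP connections are accepted.
    $deny     = (Get-ItemProperty -Path $ts -Name fDenyTSConnections).fDenyTSConnections
    # UserAuthentication = 1 means the listener requires NLA.
    # A Group Policy setting can override this local value.
    $listener = Get-ItemProperty -Path $tcp

    New-Object PSObject -Property @{
        ComputerName = $env:COMPUTERNAME
        RdpEnabled   = ($deny -eq 0)
        NlaRequired  = ($listener.UserAuthentication -eq 1)
        Port         = $listener.PortNumber
    }
}

function Enable-RdpNla {
    $query = @{
        Namespace = 'root\cimv2\TerminalServices'
        Class     = 'Win32_TSGeneralSetting'
        Filter    = "TerminalName='RDP-Tcp'"
    }
    $setting = Get-WmiObject @query
    if (-not $setting) { throw 'RDP-Tcp listener not found in WMI.' }

    # 1 = require Network Level Authentication for new connections.
    $result = $setting.SetUserAuthenticationRequired(1)
    if ($result.ReturnValue -ne 0) {
        throw "SetUserAuthenticationRequired failed with code $($result.ReturnValue)"
    }
}

$status = Get-RdpNlaStatus
$status | Format-List ComputerName, RdpEnabled, NlaRequired, Port

if ($Enable -and $status.RdpEnabled -and -not $status.NlaRequired) {
    Enable-RdpNla
    Get-RdpNlaStatus | Format-List ComputerName, NlaRequired
}
```

The `Port` value shows whether the listener is still on TCP 3389, the port the perimeter block targets; a host moved to another port is not covered by that firewall rule.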
Below are the links to further information about the vulnerability. We recommend you review this information if you are concerned about the impact to your business.
We will continue to monitor the situation and update this webpage as new information becomes available.
Integrity360 clients can email their account manager to query anything related to this vulnerability. Alternatively, please email firstname.lastname@example.org and we will arrange a follow-up for you.