Microsoft improves Remote Desktop Services security

Microsoft improves Windows security by releasing a patch for CVE-2019-0708, a vulnerability in Remote Desktop Services. The vulnerability allowed people to run code on computers or servers without having logged in.

Flawed Remote Desktop Services security has been responsible for many cyber attacks and hacked computers and networks. Microsoft’s patch addresses just one vulnerability, which allowed people to send specially crafted connection requests to Remote Desktop in such a way that they became able to run code on the remote system.

This vulnerability is pre-authentication and requires no user interaction. An attacker who successfully exploited this vulnerability could execute arbitrary code on the target system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

https://blogs.technet.microsoft.com/msrc/2019/05/14/prevent-a-worm-by-updating-remote-desktop-services-cve-2019-0708/

The patch applies to Windows Server 2008 and Windows 7 and was included in the latest update. The newer Windows versions, Windows 8 and 10, were not affected by this security bug because Microsoft takes security more seriously now than before. And this includes securing older Windows versions.

The older systems (Windows XP and Windows Server 2003) have the patch available (though they need it downloaded manually), despite Microsoft officially no longer supporting them (https://support.microsoft.com/en-gb/help/4500705/customer-guidance-for-cve-2019-0708). These old operating systems are still used by many businesses and organisations, and their vulnerabilities have helped the infamous WannaCry cripple some very big companies with its file-encrypting virus.

WannaCry was distributed as a worm, a virus that replicates itself and spreads from one vulnerable computer to another, sometimes just passing through and other times installing a backdoor for other infections. Worms are crafted to exploit unique security bugs and the new patch fixes one of them.

Now viruses like WannaCry will have a harder time infecting the updated Windows servers and computers. Criminals have long been exploiting Remote Desktop Protocol to install ransomware to exploit businesses and organisations. Ransomware is still very lucrative to criminals because big companies often cannot afford to lose any time or have their operations interrupted, which is why they choose to pay the ransom, however expensive that is.

To avoid infections by ransomware, spyware, and other malicious programs, it’s very important for people and organisations running Windows 7, XP, Server 2003, and 2008 to install the patch quickly because many developers of malware have targeted vulnerabilities that were recently patched. Sometimes a security vulnerability only becomes known to criminals once it’s fixed, but they still develop a virus because they know that some systems will not be secured quickly enough.

The problem with some organisations is that they have a complicated system set up that works well and is difficult to replace. Any changes, including updates, can be risky. Sometimes a well-functioning system does not seem worth messing with, until a serious cyber attack.

Despite all the security flaws, Remote Desktop is a very useful tool for both businesses and individuals. It enables people to work from home without having to trust those people to not accidentally leak important files. Any operating system, any computer can connect to a remote desktop, so users are not limited by their hardware. The people connecting can do whatever their account privileges allow them, including installing software.

The CVE-2019-0708 patch does not help people protect their systems from attackers that know the login credentials. Nor does it mean that the other ways of securing Remote Desktop connection are unnecessary. It’s still worth it to disable RDP when it’s not needed, enable additional authentication, and take other measures to protect your server/computer.
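
A read-only check of the settings mentioned above, added here as an example (it is not from the original article or from Microsoft). It assumes the standard Windows registry locations for Remote Desktop and its Group Policy overrides, and the product-name match for the listed Windows versions is an assumption.

```powershell
# Added example: read-only audit of the local Remote Desktop configuration.
# Run in Windows PowerShell on the machine being checked; nothing is modified.
$ts     = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdpTcp = Join-Path $ts 'WinStations\RDP-Tcp'
$policy = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
$nt     = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'

function Get-RegValue($Path, $Name) {
    # Returns $null instead of throwing when the key or value is absent.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($item) { $item.$Name } else { $null }
}

function Get-Effective($LocalPath, $Name) {
    # A Group Policy value, when present, overrides the local setting.
    $fromPolicy = Get-RegValue $policy $Name
    if ($null -ne $fromPolicy) { $fromPolicy } else { Get-RegValue $LocalPath $Name }
}

$product = Get-RegValue $nt 'ProductName'
# Windows versions the article names as needing the patch (name match is an assumption).
$listed  = $product -match 'Windows 7|Windows XP|Server.*(2003|2008)'

# fDenyTSConnections: 0 = Remote Desktop enabled, 1 = disabled.
$rdpOn = (Get-Effective $ts 'fDenyTSConnections') -eq 0
# UserAuthentication: 1 = Network Level Authentication required before a session starts.
$nla   = (Get-Effective $rdpTcp 'UserAuthentication') -eq 1

# Most recent installed update, to compare with the 14 May 2019 advisory linked above.
$latest = Get-HotFix | Where-Object { $_.InstalledOn } |
          Sort-Object InstalledOn | Select-Object -Last 1

$findings = @()
if (-not $rdpOn)           { $findings += 'Remote Desktop is disabled.' }
if ($rdpOn -and $listed)   { $findings += 'RDP is enabled on a listed OS: confirm the CVE-2019-0708 update is installed.' }
if ($rdpOn -and -not $nla) { $findings += 'RDP is enabled without Network Level Authentication.' }

New-Object PSObject -Property @{
    Product      = $product
    RdpEnabled   = $rdpOn
    NlaRequired  = $nla
    RdpPort      = Get-RegValue $rdpTcp 'PortNumber'
    LatestHotfix = if ($latest) { '{0} ({1:yyyy-MM-dd})' -f $latest.HotFixID, $latest.InstalledOn } else { 'unknown' }
    Findings     = $findings -join ' '
}
```

The hotfix date is only a hint; the linked Microsoft guidance lists the specific update for each Windows version.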

Source: naked security by Sophos
