Remote Desktop Vulnerability discovered in Windows XP, Windows 2003 & Windows 7.
A recent update from Microsoft addresses a vulnerability in the Remote Desktop Service used in older versions of Windows, namely Windows XP, Windows Server 2003 and Windows 7. Given that both XP and Windows Server 2003 has been End-of-Life for a few years now, this is an unusual action for Microsoft.
Here’s what Microsoft is saying about the vulnerability:
“A remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests. This vulnerability is pre-authentication and requires no user interaction. An attacker who successfully exploited this vulnerability could execute arbitrary code on the target system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
To exploit this vulnerability, an attacker would need to send a specially crafted request to the target systems Remote Desktop Service via RDP.
The update addresses the vulnerability by correcting how Remote Desktop Services handles connection requests.”
By releasing this update, it’s likely that Microsoft is just trying to prevent a serious security issue for anyone still running older Operating Systems. As you may know, there are still quite a few users still using Windows 7 and even Windows XP. NetMarketShare reports that around 36% of users are still using Windows 7 and over 3% are still using Windows XP. While Windows 7 is still supported at the moment, it will soon be going End-Of-Life as well.
Simon Pope from Microsoft has this to say:
“While we have observed no exploitation of this vulnerability, it is highly likely that malicious actors will write an exploit for this vulnerability and incorporate it into their malware”.
If you are still running Windows 7 or XP, we strongly suggest installing this update as soon as possible. As a better long term solution, SandStorm IT encourages everyone to update to Windows 10 as soon as possible to avoid potential security risks. If you have any questions about operating system security or any other technology questions, please contact SandStorm IT at 901-475-0275.