Security Alert: Urgent – Microsoft Windows Remote Desktop Services
Date:
2019-05-15 17:45:00
Status:
Closed
Brief Description:
This is notice of a new vulnerability, similar to wannacry, which Microsoft has now patched. These patches will be distributed through central patching: Windows 7 and Server 2008 R2. Manual patches available for Windows XP/Vista and Server 2003.
Current Status:
The IT Security Office has identified the urgent security risk and advises making patches and taking the other precautions as detailed in the full description of the issue.
Services Affected:
Not Applicable
Full Description:
This is notice of a new vulnerability, similar to wannacry, which has just been patched by Microsoft. Microsoft’s description of the vulnerability follows:
“A remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an unauthenticated attacker connects to the target system using Remote Desktop Protocol (RDP) and sends specially crafted requests. This vulnerability is pre-authentication and requires no user interaction. An attacker who successfully exploited this vulnerability could execute arbitrary code on the target system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
“To exploit this vulnerability, an attacker would need to send a specially crafted request to the target system’s Remote Desktop Service via RDP.”
Patching of supported OSs (Windows 7, Server 2008 – 2008R2)
This patch will be made available to systems using central patching Friday, with the standard Tuesday deadline. The IT Security Office (ITSO) recommends patching this vulnerability as soon as you can. Another mitigation would be disabling RDP where unnecessary, and restricting inbound RDP to known trusted networks.
This patch will be deployed to managed servers during their normal patching windows, beginning tonight at midnight. Use the following link to see when your servers will be patched:
http://sfinfo.cit.cornell.edu/sfinfo_app/htdocs/areamgrpatch_win.php
Patching of unsupported OSs (Windows XP – Vista, Server 2003)
For those who have unsupported Windows XP/Server 2003 systems, Microsoft has issued a patch for these systems because of the severity and widespread impact of the vulnerability. If you still have devices running these unsupported operating systems, please take this opportunity to replace them with supported operating systems (if possible), harden them by disabling unnecessary services, or apply stricter firewall rules.
The patches for these unsupported systems can be manually obtained from Microsoft here:
http://www.catalog.update.microsoft.com/Search.aspx?q=4500331
“A remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an unauthenticated attacker connects to the target system using Remote Desktop Protocol (RDP) and sends specially crafted requests. This vulnerability is pre-authentication and requires no user interaction. An attacker who successfully exploited this vulnerability could execute arbitrary code on the target system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
“To exploit this vulnerability, an attacker would need to send a specially crafted request to the target system’s Remote Desktop Service via RDP.”
Patching of supported OSs (Windows 7, Server 2008 – 2008R2)
This patch will be made available to systems using central patching Friday, with the standard Tuesday deadline. The IT Security Office (ITSO) recommends patching this vulnerability as soon as you can. Another mitigation would be disabling RDP where unnecessary, and restricting inbound RDP to known trusted networks.
This patch will be deployed to managed servers during their normal patching windows, beginning tonight at midnight. Use the following link to see when your servers will be patched:
http://sfinfo.cit.cornell.edu/sfinfo_app/htdocs/areamgrpatch_win.php
Patching of unsupported OSs (Windows XP – Vista, Server 2003)
For those who have unsupported Windows XP/Server 2003 systems, Microsoft has issued a patch for these systems because of the severity and widespread impact of the vulnerability. If you still have devices running these unsupported operating systems, please take this opportunity to replace them with supported operating systems (if possible), harden them by disabling unnecessary services, or apply stricter firewall rules.
The patches for these unsupported systems can be manually obtained from Microsoft here:
http://www.catalog.update.microsoft.com/Search.aspx?q=4500331