It’s Bad Enough, Microsoft Issued Patches for Legacy Systems
Microsoft has recently released a critical update addressing a significant security hole in its Remote Desktop Services. The flaw affects multiple Windows versions, leaving Microsoft with no choice but to offer patches for every impacted operating system, including legacy systems. Since patches are rarely issued for legacy operating systems, users should take this as a sign of how serious the vulnerability is.
The affected operating systems include Windows XP and Windows Server 2003, as well as Windows 7, Windows Server 2008 R2, and Windows Server 2008. The patch for in-support systems can be found in the Microsoft Security Update Guide; the patch for out-of-support systems is published in KB4500705.
The Herjavec Group has sent out a Threat Advisory email, stating,
It is critical that organizations apply the patch as soon as possible because this vulnerability is “wormable”, meaning it is pre-authentication and requires no user interaction. An exploit for this weakness could be used to create malware that would spread similarly to WannaCry and other recent worms.
If users are not able to apply the necessary patches, other controls to mitigate risk exposure include:
- Enabling Network Level Authentication (NLA) for Windows 7 and Windows Server 2008 (and 2008 R2) systems (preventing the spread of malware leveraging this vulnerability)
- Blocking TCP port 3389 at the border (preventing unauthorized requests or access from the Internet)
- Disabling Remote Desktop Services (only if not required)
To date, researchers have not been able to find any malware campaigns exploiting this vulnerability. However, that is not to say it won’t be done. Now that this is public information, it is almost guaranteed hackers will begin exploiting this weakness sooner rather than later.
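The advisory's first workaround, requiring Network Level Authentication, can be audited and applied on a Windows 7 / Server 2008-era host with the registry values below. This is an added example, not code from the original post or from the Herjavec Group; the registry paths and value names are real Windows settings, while the function names and the `-Enforce` handling are this example's own.

```powershell
# Added example: audit a host's Remote Desktop posture against the advisory's
# workarounds and, if RDP is on without NLA, require NLA. Uses only registry
# values present on Windows 7 / Server 2008 and later; run elevated.
function Get-RdpPosture {
    $ts  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    $tcp = Join-Path $ts 'WinStations\RDP-Tcp'

    $deny = (Get-ItemProperty -Path $ts  -Name fDenyTSConnections -ErrorAction SilentlyContinue).fDenyTSConnections
    $nla  = (Get-ItemProperty -Path $tcp -Name UserAuthentication  -ErrorAction SilentlyContinue).UserAuthentication
    $port = (Get-ItemProperty -Path $tcp -Name PortNumber          -ErrorAction SilentlyContinue).PortNumber
    if (-not $port) { $port = 3389 }   # default RDP listener port (the one the advisory says to block at the border)

    # A missing fDenyTSConnections is treated as "enabled" so the host is
    # reported in its worst case rather than silently skipped.
    New-Object PSObject -Property @{
        ComputerName = $env:COMPUTERNAME
        RdpEnabled   = ($deny -ne 1)    # fDenyTSConnections = 1 means Remote Desktop Services is disabled
        NlaRequired  = ($nla  -eq 1)    # UserAuthentication   = 1 means NLA is required before a session
        ListenPort   = $port
    }
}

function Set-RdpNlaRequired {
    # Require NLA so a client must authenticate before a session is created,
    # which is the advisory's mitigation for this pre-authentication flaw.
    $tcp = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
    Set-ItemProperty -Path $tcp -Name UserAuthentication -Value 1 -Type DWord
    # SecurityLayer 2 = TLS, which NLA (CredSSP) depends on.
    Set-ItemProperty -Path $tcp -Name SecurityLayer -Value 2 -Type DWord
}

$posture = Get-RdpPosture
$posture | Format-List ComputerName, RdpEnabled, NlaRequired, ListenPort

if ($posture.RdpEnabled -and -not $posture.NlaRequired) {
    Write-Warning "RDP is enabled without NLA on $($posture.ComputerName); applying the advisory's workaround."
    Set-RdpNlaRequired
    Get-RdpPosture | Format-List ComputerName, RdpEnabled, NlaRequired, ListenPort
}
```

Enabling NLA is a workaround, not a fix: hosts that still show `RdpEnabled` should be patched and, as the advisory recommends, kept unreachable on their listen port from the Internet.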