This month’s Patch Tuesday update will fix a critical vulnerability in Microsoft’s Remote Desktop Protocol affecting all PCs running Windows Vista and newer. The vulnerability allows attackers to exploit remote desktop and Windows remote management to run code remotely on the compromised server.
Considering that many organizations use Microsoft’s Remote Desktop protocol to perform remote logins, this security flaw is a pretty big deal. Computer and network security company Preempt disclosed the vulnerability to Microsoft back in August, and it took a couple of months for the company to address it.
The company described how the attack worked in a press release and video, which can be seen below:
With this vulnerability, organizations are susceptible to having an attack mounted with simple Wi-Fi or physical access. If an attacker has access, they can launch a man-in-the-middle attack. Other ways like Address Resolution Protocol (ARP) poisoning and attacking sensitive servers through vulnerable routers and switches will enable the attack.
According to Preempt, this security vulnerability has yet to be exploited by attackers, but the company is urging organizations to protect themselves by installing today’s Patch Tuesday update. “However, it is important to note that patching alone is not enough as IT professionals will also need to make a configuration change to apply the patch and be protected,” the company explained, adding that “blocking the relevant application ports (RDP, DCE/RPC) would also thwart attack.”
We're still waiting to see if Microsoft will comment on the vulnerability later today, but this month's Patch Tuesday Updates will be more important than usual. The updates should be released around 10AM PST, and we'll let you know as soon as they're available to download.