During May, Microsoft released a critical security patch to address a vulnerability in Remote Desktop Services, formerly known as Terminal Services. Attackers are now leveraging this gap to breach unpatched Windows 7 desktop and Server 2008 R2 machines. Exploiting this vulnerability requires no authentication or user interaction. An attacker who successfully exploits it could install programs; view, change, or delete data; or create new accounts with full user rights.
Every business is strongly urged to verify and patch any Windows 7 and Server 2008 R2 machines immediately. Details on the cybersecurity bulletin can be found here.
Risk Mitigation
Disable Remote Desktop Services if they are not required. In all cases, Microsoft strongly recommends installing updates for this vulnerability as soon as possible, even if you plan to leave Remote Desktop Services disabled. If the services are not needed, consider disabling them as a security best practice. Disabling unused and unneeded services helps reduce exposure to security vulnerabilities.
Security Workaround
In all cases, Microsoft strongly recommends installing updates for this vulnerability as soon as possible, even if planning to implement a workaround. A recommended workaround is to enable Network Level Authentication (NLA) on systems running supported editions of Windows 7, Windows Server 2008, and Windows Server 2008 R2 to block unauthenticated attackers from exploiting this vulnerability. With NLA active, an attacker would first need to authenticate to Remote Desktop Services using a valid account on the target system before being able to exploit the vulnerability.
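One way to check both mitigations above (Remote Desktop Services disabled, NLA required) on a single machine, as an added example that is not part of the original bulletin. The registry values and the TermService service name are standard Windows settings; the `-EnforceNla` switch, the helper function and the output field names are assumptions made for this example.

```powershell
# Added example: audit Remote Desktop exposure on the local machine.
# Written for PowerShell 2.0 (default on Windows 7 / Server 2008 R2). Run elevated.
param([switch]$EnforceNla)   # switch name is an assumption made for this example

$tsKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdpKey = "$tsKey\WinStations\RDP-Tcp"
$polKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'

function Get-RegValue($Path, $Name) {
    # Returns $null when the key or the value does not exist.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($item) { $item.$Name }
}

if ($EnforceNla) {
    # Require NLA for new RDP connections (local setting; Group Policy still wins).
    Set-ItemProperty -Path $rdpKey -Name UserAuthentication -Value 1
}

$deny     = Get-RegValue $tsKey  'fDenyTSConnections'   # 1 = RDP connections refused
$localNla = Get-RegValue $rdpKey 'UserAuthentication'   # 1 = NLA required
$polNla   = Get-RegValue $polKey 'UserAuthentication'   # present only when set by policy
$svc      = Get-WmiObject Win32_Service -Filter "Name='TermService'"

# RDP counts as enabled unless connections are denied or the service cannot start.
$rdpEnabled = ($deny -ne 1) -and ($svc.StartMode -ne 'Disabled')
# A policy value, when present, overrides the local one.
if ($polNla -ne $null) { $nlaRequired = ($polNla -eq 1) }
else                   { $nlaRequired = ($localNla -eq 1) }

if (-not $rdpEnabled) { $verdict = 'RDP disabled; still install the update' }
elseif ($nlaRequired) { $verdict = 'RDP enabled, NLA required; still install the update' }
else                  { $verdict = 'RDP enabled without NLA; open to unauthenticated clients' }

New-Object PSObject -Property @{
    Computer     = $env:COMPUTERNAME
    ServiceState = $svc.State
    ServiceStart = $svc.StartMode
    RdpEnabled   = $rdpEnabled
    NlaRequired  = $nlaRequired
    NlaSetBy     = $(if ($polNla -ne $null) { 'GroupPolicy' } else { 'Local' })
    Verdict      = $verdict
}
```

Run it without arguments to report only; with `-EnforceNla` it sets the local NLA value first and then reports the effective state, which a Group Policy setting can still override.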
Critical news and security updates are some of the many resources Roebuck Technologies offers to small and medium-sized businesses. Contact Roebuck Technologies today to learn how our IT Professionals can support your team.