On May 14, 2019 Microsoft announced a vulnerability in RDP (Remote Desktop Services, formerly known as Terminal Services). The vulnerability is significant enough that Microsoft has chosen to publish a patch for Windows XP and Windows 2003 on May 15th – operating systems that have been out of support for a few years now.
Why is this important? The vulnerability is similar to the one that WannaCry leveraged, and allows an attacker to “worm” through the network. Reports say that there is a proof-of-concept exploit; as of this writing on May 19th, the MSI lab hasn’t laid hands on one to test and our research is ongoing.
To quote Microsoft:
“This vulnerability is pre-authentication and requires no user interaction. In other words, the vulnerability is ‘wormable’, meaning that any future malware that exploits this vulnerability could propagate from vulnerable computer to vulnerable computer in a similar way as the WannaCry malware spread across the globe in 2017.”
So what? So…early this morning, a search on shodan.io for “rdp” showed 1058 exposures indexed. A few HOURS later, that number increased to 1062. Externally facing RDP is a very bad idea, and attackers considered it to be low-hanging fruit before this vulnerability came to light…now, the stakes are higher.
“My patching is automated” – we’re all good, right? Well…I contacted a friend in a small office yesterday, and suggested that they check. When she inventoried the 4 computers that were set to update automatically…3 of them had not received this update. Due diligence is your friend here; don’t assume.
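If you want to verify rather than assume, here is an added example (not from the original post) that audits one Windows host: is the update listed as installed, is RDP enabled, and is anything listening on the RDP port. It assumes PowerShell on the host and uses a placeholder where the real KB number goes; take that from Microsoft’s advisory for your OS.

```powershell
# Added example, not from the original post: audit a Windows host for (a) whether a
# given update is actually installed and (b) whether RDP is enabled and listening,
# so "my patching is automated" is verified rather than assumed.
# The KB identifier below is a PLACEHOLDER; substitute the real one for each OS
# from Microsoft's advisory for this RDP vulnerability.

function Get-RdpPatchAudit {
    param(
        [string[]]$RequiredKB = @('KB-PLACEHOLDER')   # replace with the advisory's KB id(s)
    )
    $audit = [ordered]@{ Computer = $env:COMPUTERNAME }

    # 1. Installed updates. Get-HotFix reads Win32_QuickFixEngineering, which lists
    #    hotfixes and cumulative updates but can miss updates delivered by other
    #    installers, so "missing" means "go and check", not "definitely unpatched".
    $installed = Get-HotFix | Select-Object -ExpandProperty HotFixID
    $missing   = @($RequiredKB | Where-Object { $installed -notcontains $_ })
    $audit.PatchInstalled = ($missing.Count -eq 0)
    $audit.MissingKB      = ($missing -join ', ')

    # 2. Is RDP enabled at all? fDenyTSConnections = 1 means Remote Desktop is off.
    $ts = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server' `
                           -Name fDenyTSConnections -ErrorAction SilentlyContinue
    $audit.RdpEnabled = ($null -ne $ts -and $ts.fDenyTSConnections -eq 0)

    # 3. Is something actually listening on the RDP port (default 3389)?
    #    Get-NetTCPConnection exists on Windows 8 / Server 2012 and later; fall back
    #    to netstat on older systems such as the XP/2003 hosts mentioned above.
    $rdpPort = 3389
    if (Get-Command Get-NetTCPConnection -ErrorAction SilentlyContinue) {
        $listen = Get-NetTCPConnection -State Listen -LocalPort $rdpPort -ErrorAction SilentlyContinue
        $audit.Listening3389 = ($null -ne $listen)
    } else {
        $audit.Listening3389 = [bool](netstat -an | Select-String "[:.]$rdpPort\s+.*LISTENING")
    }

    # Hosts that are listening on 3389 AND missing the update are the ones to fix first.
    if ($audit.Listening3389 -and -not $audit.PatchInstalled) { $audit.Priority = 'URGENT' }
    elseif (-not $audit.PatchInstalled)                        { $audit.Priority = 'patch' }
    else                                                       { $audit.Priority = 'ok' }

    [pscustomobject]$audit
}

# Run locally; for a handful of office machines, wrap the call in Invoke-Command -ComputerName.
Get-RdpPatchAudit | Format-List
```

A host reported as RdpEnabled with Listening3389 set to True is one that an external or internal scan would find; a firewall or NAT in front of it does not change the result of this local check, so pair it with a look at what is actually reachable from outside.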
Patch. Patch now. Share with your friends and colleagues, particularly those who are less than technically savvy. Friends don’t let friends have RDP as an externally facing service!
(Let’s not leave Adobe out of the mix. Adobe’s Patch Tuesday covers 82 CVEs. EIGHTY-TWO? People, we have to do better…)
And remember…is it really paranoia if they ARE out to get you?