Late last night, Microsoft released a warning to notify the public of a serious flaw in their Windows Remote Desktop Protocol (RDP). The flaw allows an attacker to run code behind the systems firewall, which gives the would-be infiltrator potentially limitless power over a given system. This security flaw affects all current versions of Windows, as well as the Remote Web Workplace function in Small Business Server 2003. Home releases of Windows such as Vista and 7 are less likely to be effected by this security flaw, as RDP is disabled by default. If RDP is enabled, users can also enable Remote Desktop’s Network Level Authentication (NLA) manually to negate the problem.
Microsoft’s official statements, along with additional information, can be found here – MS12-020.
The security flaw has been fixed by Microsoft’s March ‘Patch Tuesday’ bug fix release, which will prevent the attackers from executing code remotely without proper authentication. Microsoft is urging all Windows users to run updates as a matter of urgency. The software giant has set the flaws official ‘Exploitability Index’ to 1 (Critical), meaning serious attacks are expected within the next 30 days.
Outside of the regular bug fix update, you can also manually fix the flaw by installing Microsoft Fix It 50844 found under the ‘Fix it for me’ tab found here.
The Netwise Hosting team have already rolled out the update on all Windows system deployments within our data centres, giving our customers front-line protection as soon as it became available. However, we still urge all customers to review their own security policies in the coming days, as workarounds are expected to be in development now that attackers are aware of potential entry points. Home users should also check for security flaws, and ensure the new Microsoft Patch (or at the very least the fix to enable NLA) has been installed.