May 16, 2019
Microsoft Announces Vulnerability to Remote Desktop Services
We are in a time where vulnerabilities to the systems we use are increasingly leveraged against us for the illegal benefit of others. The time-tested mantra of “No system is 100 percent secure” continues to echo in the minds of global users, but that doesn’t mean we’re helpless to defend our houses from the threats of the world. Even though hackers are a clever bunch, we should remain vigilant in our efforts to thwart the next compromise no matter how big or small it may be. If we all agree and promise to be proactive in fortifying our defenses, and we actually do so, then we are fulfilling our promise of delivering more secure and reliable services.
Let’s put this into action right now.
On May 14, Microsoft shared the news of a significant vulnerability with their Remote Desktop services. This vulnerability affects operating systems back to Windows XP and Server 2003 and is significant enough for Microsoft to warrant the release of patches to their Update Catalog for these unsupported operating systems. But in addition to XP and Server 2003, Windows 7 and Server 2008 are also vulnerable. Fortunately, Windows 8 and Windows 10 are safe.
According to a Microsoft Technet blog post, “this vulnerability is pre-authentication and requires no user interaction” making it “wormable” and feasible for malicious code to rapidly travel from one vulnerable computer to the next. It is also very likely threat actors will write exploitation code to produce an outbreak similar to the now infamous 2017 WannaCry attack, which had its vulnerability and exploit code in the wild months before the outbreak occurred.
Microsoft issued security update CVE-2019-0708 titled “Remote Desktop Services Remote Code Execution Vulnerability” documenting the details and links to the essential patches. Datto RMM partners are able to immediately take advantage of a newly built component designed to deliver the patches to any out-of-support Windows XP and Server 2003 devices, which would otherwise require manual updating. Using this new component in conjunction with the native Windows patching capabilities of Datto RMM, partners will be able to easily prevent the exploitation of this vulnerability and keep concerned minds at peace.
This type of development is a great opportunity for MSPs to reaffirm the importance of migrating devices to Windows 10 or Server 2019 if it is still being considered. Being able to exemplify the threat before it disrupts a business can be very compelling to a business owner. Datto is doing its part to help and has produced a webinar series on using Datto RMM to perform Windows 10 migrations at scale and informing customers to make an educated decision on how to proceed. Live and On-Demand recordings are available on Datto’s Events page.
Now is the time to get ahead of the threat and prevent a repeat of WannaCry. If we are truly delivering on the promise to provide more secure and reliable services, then all Windows XP, Windows 7, Server 2003 and Server 2008 devices under management should receive these important updates right now.