
Microsoft is urging Windows customers to patch a wormable RDP flaw

by Don Bradman
May 22, 2019

Microsoft has fixed a critical vulnerability in some Windows versions that attackers could exploit to create a powerful worm. Because it believes the threat is very high, the company even took the unusual step of releasing patches for Windows XP and Windows Server 2003, which have not been supported for years.

The vulnerability, tracked as CVE-2019-0708, is in Remote Desktop Services, formerly known as Terminal Services. This component processes connections via the Remote Desktop Protocol (RDP), a widely used protocol for remotely managing Windows systems on corporate networks.

What makes the vulnerability so dangerous is that it can be exploited remotely without authentication or user interaction simply by sending a maliciously crafted RDP request to a vulnerable system. A successful attack can lead to malicious code execution on the system with full user rights, allowing attackers to install programs, modify or delete user data, and even create new accounts.

"In other words, the vulnerability is 'wormable', meaning that future malware exploiting this vulnerability can be spread from a vulnerable computer to a vulnerable computer in the same way as the WannaCry malware in 2017 spread throughout the world," Simon Pope, director of Incident Response at the Microsoft Security Response Center, said in a blog post. "Although we did not use this vulnerability, it is highly likely that malicious actors will write an exploit for this vulnerability and integrate it into their malware."

WannaCry did not exploit a vulnerability in RDP, but one in Microsoft's implementation of SMB, a file sharing and verification protocol used on all Windows networks and enabled by default. Although the attacks are different, Pope's analogy with WannaCry is based on the ease of exploitation (remotely, without authentication) and the popularity of both protocols.

In the past, RDP was a popular infection vector for malware threats, particularly for ransomware, cryptominers, and point-of-sale memory scrapers. Attackers usually steal or brute-force RDP login credentials to gain access to systems.

Earlier this year, the FBI closed an underground marketplace called xDedic that was used to sell RDP access to tens of thousands of compromised servers over the course of several years. The prices ranged from $6 to $10,000 based on the geographic location, operating system, and other criteria of a server. This new RDP vulnerability would provide attackers with free access to an even greater number of servers and systems.

Legacy Windows systems are at risk

The vulnerability affects Remote Desktop Services in Windows 7, Windows Server 2008 R2, and Windows Server 2008, as well as in older Windows versions that have reached the end of their life. In addition to the supported Windows versions, Microsoft decided to release security updates for Windows XP, Windows XP Embedded and Windows Server 2003, probably because these Windows versions are still widely used in older environments and on specialized equipment such as ATMs, medical devices, self-service kiosks, payment machines and more.

It is worth noting that the destructive WannaCry and NotPetya ransomware worms both exploited known vulnerabilities that had patches available when they hit, but the attacks still disrupted normal operations in hospitals, factories, ports, railways and many companies around the world. That's because many older systems and devices are used to perform critical processes, so even if patches are available, their owners may not apply them for a very long time because they cannot afford the downtime.

If patches cannot be applied immediately, the owners of such systems should take a defense-in-depth approach by placing these devices on isolated network segments, disabling services that are not needed and using secure VPN solutions to access them remotely.

"Disable Remote Desktop Services if this is not necessary," Microsoft said in its advisory. "If you no longer need these services on your system, consider disabling them as a security best practice. Disabling unused and unnecessary services helps reduce your exposure to security vulnerabilities."

Microsoft also suggests two workarounds that block attacks exploiting this RDP vulnerability: enabling Network Level Authentication (NLA) on systems with supported editions of Windows 7, Windows Server 2008, and Windows Server 2008 R2; and blocking TCP port 3389 at the corporate perimeter firewall to prevent attacks from the internet.
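The host-side mitigations above (disabling Remote Desktop Services where unneeded, requiring NLA) can be audited and applied per machine. The following PowerShell is an added example, not code from Microsoft or from this article; it relies on the standard Terminal Services registry values `fDenyTSConnections` and `UserAuthentication`, and the function names are illustrative.

```powershell
# Added example: audit and apply the host-side RDP mitigations described above.
# Function names are illustrative. Uses only PowerShell 2.0 features (Windows 7 / Server 2008 R2).
$tsKey     = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdpTcpKey = "$tsKey\WinStations\RDP-Tcp"
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'

function Get-RegValue($Path, $Name) {
    # Return $null when the key or value is absent instead of throwing.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($item) { $item.$Name } else { $null }
}

function Get-RdpExposure {
    # Group Policy values, when present, take precedence over the local settings.
    $deny = Get-RegValue $policyKey 'fDenyTSConnections'
    if ($null -eq $deny) { $deny = Get-RegValue $tsKey 'fDenyTSConnections' }
    $nla = Get-RegValue $policyKey 'UserAuthentication'
    if ($null -eq $nla) { $nla = Get-RegValue $rdpTcpKey 'UserAuthentication' }

    $svc = Get-Service -Name TermService -ErrorAction SilentlyContinue
    $svcStatus = 'NotInstalled'
    if ($svc) { $svcStatus = $svc.Status.ToString() }

    New-Object PSObject -Property @{
        Computer      = $env:COMPUTERNAME
        RdpEnabled    = ($deny -eq 0)   # fDenyTSConnections = 0: RDP accepts connections
        NlaRequired   = ($nla -eq 1)    # UserAuthentication = 1: NLA is enforced
        ListenPort    = (Get-RegValue $rdpTcpKey 'PortNumber')   # 3389 unless changed
        ServiceStatus = $svcStatus
    }
}

function Set-RdpMitigation {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param([ValidateSet('RequireNla', 'DisableRdp')][string]$Mode)
    # Must run elevated. A Group Policy setting will override these local values.
    if ($Mode -eq 'RequireNla' -and $PSCmdlet.ShouldProcess($rdpTcpKey, 'Set UserAuthentication=1')) {
        Set-ItemProperty -Path $rdpTcpKey -Name UserAuthentication -Value 1
    }
    if ($Mode -eq 'DisableRdp' -and $PSCmdlet.ShouldProcess($tsKey, 'Set fDenyTSConnections=1')) {
        Set-ItemProperty -Path $tsKey -Name fDenyTSConnections -Value 1
    }
}

# Report first; flag a host that accepts RDP without NLA, then preview the change.
$state = Get-RdpExposure
$state | Format-List
if ($state.RdpEnabled -and -not $state.NlaRequired) {
    Write-Warning "$($state.Computer): RDP is enabled without NLA"
    Set-RdpMitigation -Mode RequireNla -WhatIf   # remove -WhatIf to apply
}
```

NLA forces authentication before a session is set up, so it does not stop an attacker who already holds valid credentials; it is a stopgap until the patch is installed.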
