RDP Exploits on the Rise: Tips for Mitigating Your ExposurePublished: Wednesday 26th June 2019
Malicious actors continue to exploit Remote Desktop Protocol (RDP), a Microsoft Windows application widely used by businesses, to gain access to the target’s computer. This article, which follows on from a previous post, aims to look at some of the risks allowing RDP unchecked in your environment can create, along with some techniques that can help to mitigate the risk of it being used illegitimately by a malicious actor.
If you are not actively using RDP or any service, then we would always recommend disabling the service and closing any open ports which could be accessible as a result of the service.
Last month (May 2019), Microsoft issued security updates for a critical Remote Code Execution vulnerability in Remote Desktop Services. Successful exploitation of this vulnerability would allow an attacker to install programs; view, change, or delete data; or create new accounts with full user rights. As a testament to its potential for havoc, patches were extended to unsupported versions of Windows due to fears that exploitation could lead to a global computer virus outbreak, like 2017’s WannaCry worm.