Earlier this week on 5/14/19 Microsoft released patches for a critical vulnerability with Remote Desktop Services. Because the vulnerability is so serious, they also released patches for out of support Windows XP and Windows Server 2003. If you're running an out of support Operating System (Windows XP/2003) you'll have to manually download the patches from https://tinyurl.com/y6nbugsn. For Windows 7 users, please make sure to download the 5/2019 cumulative update as soon as possible available at https://support.microsoft.com/en-us/help/4499164. This vulnerability does not impact Windows 8 and Windows 10 computers. This vulnerability is "wormable", so you can get infected without any user interaction if you don't have the patch.
With Remote Desktop always follow these best practices when using RDP from outside of your office:
- Never leave RDP Open (TCP 3389) inbound from the Internet. Instead use an SSL VPN to protect RDP access.
- Always use Two Factor Authentication, especially from outside of your network.
- Stay up to date with the latest patches for the Operating System and Applications.
Update your Windows 7/2008 computers now and stay safe!