German BSI warns of vulnerability in Microsoft RDP
The German Federal Office for Information Security (BSI) has warned of a critical vulnerability in the Remote Desktop Protocol (RDP) services of the Microsoft Windows operating system. The vulnerability can be exploited remotely and without any user interaction. Microsoft has also commented on the vulnerability. The company said that the problem affects older versions of Windows and that the vulnerability is “wormable,” meaning that any future malware that exploits it could propagate from vulnerable computer to vulnerable computer in a way similar to how the WannaCry malware spread across the globe in 2017.
Versions of Windows and Windows Server up to and including Windows 7 and Windows Server 2008 are affected; Windows 10 is not. Security updates are available for the different versions of Windows. The BSI said that the updates provided by Microsoft should be installed immediately.
The BSI has issued a Cyber Security Warning with detailed recommendations for action to critical infrastructure operators and participants in the Alliance for Cyber Security. Although the RDP service is usually not active, a large number of servers use it for remote maintenance, in part over the Internet. SEVOCOMM's Telecom/IT Security professionals can help you stay up to date.