Microsoft bundles patches for distribution on the 2nd Tuesday each month, and August 2019 is particularly important with 93 vulnerabilities fixed. Four vulnerabilities allow execution of code on remote computers, and two of those take control of a computer then spread to other computers entirely on their own (https://msrc-blog.microsoft.com/2019/08/13/patch-new-wormable-vulnerabilities-in-remote-desktop-services-cve-2019-1181-1182/). The patches below are critical according to Microsoft, and affect the following operating systems:
- Windows 7 SP1
- Windows 8.1
- Windows 10 - all versions including Server
- Windows Server 2008 R2 SP1
- Windows Server 2012
- Windows Server 2012 R2
Some of our client firms delay or screen patches and updates, but it is important to patch these critical vulnerabilities. Here are links where you can download just the security patch or the bundle for your specific operating system right from Microsoft.
In addition, enabling Network Level Authentication (NLA) prevents the worm-like behavior, by preventing initiation of remote desktop connections until the user is authenticated. But this does not prevent remote code execution. You'll need the patches to prevent that.
For a confidential discussion of your situation or to get some help with these, give your Technology Partner a call.
The LeeShanok Team