A bug in Microsoft’s Remote Desktop Services has been discovered. The vulnerability allows an attacker to take over a Windows PC if it’s connected to the internet and is operating with an out-of-support operating system. Not all machines are vulnerable, but the number of exposed machines makes it likely that somebody will come up with a worm.
If your organization is operating with soon-to-be end-of-life/support operating systems, a patch will need to be installed manually. Microsoft is making fixes available for these out-of-support versions of Windows here.
Systems Engineering customers who use an in-support version of Windows and have subscribed to our patching services (Network Monitoring and Endpoint Security - these are included in IT Essentials and Network Security) will be protected automatically. However, in addition to our patching, we will NOT support customers connecting open remote desktop ports to the internet for various other reasons.
The best way to address this vulnerability is to upgrade to the latest version of Windows and subscribe to Systems Engineering patching services mentioned above.
To reach out to a Systems Engineering representative, email firstname.lastname@example.org or call 888.624.6737.