Earlier this week, Microsoft released fixes for a critical Remote Code Execution vulnerability in Remote Desktop Services that affects some older versions of Windows and Windows Server. So, why should I care? Well, if you have a Windows 7 (or, heaven forbid, a Windows XP) computer, you need to worry. If your company runs a Windows 2008 Server or, for some reason, still runs a Windows 2003 Server, you had better take this warning seriously.
The issue: The vulnerability allows a bad guy to write code that lets him or her take control of your computer or server remotely, without having to be connected to it beforehand. The machine does have to be running Remote Desktop Services (Terminal Server), which quite a few servers are. When someone exploits this (notice how I said when?), it will spread quickly, like a worm. We don't have to look far back in the past for an example of the potential destruction. In May of 2017, WannaCry spread to over 300,000 computers in less than 4 days, encrypting files on victims' computers and then demanding $300-$600 to unlock them. That attack similarly exploited older versions of Windows. In that case, Microsoft also warned people beforehand. But, to their detriment, many people ignored that warning.
The good news is that you can protect yourself. If you are running Windows 7 or Windows Server 2008, the update/fix is included in Windows Update. If you have Windows XP or Server 2003, you will need to install the fix manually. You can find those here.
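To check whether a machine meets the two conditions described above (one of the older Windows releases, with Remote Desktop Services running), the following PowerShell can be run locally on it. This is an added example, not part of the original post or of Microsoft's guidance; the function name is hypothetical, and the version-to-product mapping and English-language netstat output are assumptions.

```powershell
# Added example: run locally in an elevated PowerShell 2.0+ session.
function Test-RemoteDesktopExposure {
    # Version prefixes (major.minor) for the Windows releases the post names.
    # Assumption: a prefix also matches other editions built on the same version.
    $olderReleases = @{
        '5.1' = 'Windows XP'
        '5.2' = 'Windows Server 2003'
        '6.0' = 'Windows Server 2008'
        '6.1' = 'Windows 7'
    }

    # Get-WmiObject is used because it exists in PowerShell 2.0.
    $os     = Get-WmiObject -Class Win32_OperatingSystem
    $prefix = ($os.Version -split '\.')[0..1] -join '.'
    $older  = $olderReleases.ContainsKey($prefix)

    # fDenyTSConnections = 0 means incoming Remote Desktop connections are allowed.
    $tsKey   = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    $deny    = (Get-ItemProperty -Path $tsKey).fDenyTSConnections
    $enabled = ($deny -eq 0)

    # The listener port can be changed from the default, so read it from the registry.
    $port = (Get-ItemProperty -Path "$tsKey\WinStations\RDP-Tcp").PortNumber

    # TermService is the service behind Remote Desktop Services / Terminal Services.
    $service = Get-Service -Name TermService -ErrorAction SilentlyContinue
    $running = ($service -ne $null) -and ($service.Status -eq 'Running')

    # Confirm something is actually listening on that port
    # (assumes English netstat output, where the state reads LISTENING).
    $pattern   = ":{0}\s.*LISTENING" -f $port
    $listening = [bool](netstat -an | Select-String -Pattern $pattern)

    New-Object PSObject -Property @{
        Computer             = $env:COMPUTERNAME
        OperatingSystem      = $os.Caption
        OlderRelease         = $older
        RemoteDesktopEnabled = $enabled
        ServiceRunning       = $running
        Port                 = $port
        Listening            = $listening
        # Both conditions from the post are true on this machine.
        NeedsAttention       = ($older -and $enabled -and $running)
    }
}

Test-RemoteDesktopExposure | Format-List
```

NeedsAttention only helps decide which machines to patch first; a machine on one of the older releases still needs the update even when Remote Desktop is currently turned off.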
Miller Group MSP clients have their computers patched automatically. If you would like to learn more about how we can do this and much more for your company, visit here.