Critical Vulnerability Patched in Remote Desktop Services (May 2019)

Microsoft has released a patch today for a CRITICAL Remote Desktop Services vulnerability which affects some implementations of Remote Desktop Services. This is a pre-authentication Remote Code Execution vulnerability, which is as dangerous as they come. A similar vulnerability with SMB was exploited by the WannaCry malware, which caused significant technical and financial damage in 2017.

This vulnerability affects Windows Server 2008, Server 2008 R2, and Windows 7. If these servers have RDS exposed to the internet, they need to be patched as soon as possible.

A workaround to prevent exploitation of this vulnerability is to enable network-level authentication using group policy. Even with this workaround in place, this vulnerability can be used to escalate privilege if user credentials are compromised. Therefore, patching should still take place as soon as possible.

Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Security
"Require user authentication for remote connections by using Network Level Authentication"

Further information can be found on the Microsoft TechNet blog post here.