Wednesday, 15 May 2019 07:41

Microsoft says remote desktop flaw could lead to another WannaCry


Microsoft has warned of the likelihood of another WannaCry-like episode if a remotely exploitable vulnerability in its Remote Desktop Services, announced as part of its monthly updates for May, is not patched as soon as possible.

The vulnerability was discovered by the UK's National Cyber Security Centre.

In a blog post, Simon Pope, the director of Incident Response at the Microsoft Security Response Centre, said the Remote Desktop Protocol itself was not vulnerable.

He said vulnerable systems that were still supported by the company included Windows 7, Windows Server 2008 R2, and Windows Server 2008. Windows 8 and Windows 10 are not affected by this vulnerability.

"This vulnerability is pre-authentication and requires no user interaction," Pope said. "In other words, the vulnerability is ‘wormable’, meaning that any future malware that exploits this vulnerability could propagate from vulnerable computer to vulnerable computer in a similar way as the WannaCry malware spread across the globe in 2017.

"While we have observed no exploitation of this vulnerability, it is highly likely that malicious actors will write an exploit for this vulnerability and incorporate it into their malware."

WannaCry hit computers around the world on 13 May two years ago. The ransomware, crafted using a leaked NSA exploit, brought hospitals in Britain and various organisations in other countries to their knees, locking Windows systems at these institutions and demanding payment.

Underlining the seriousness of the flaw, Microsoft released patches for Windows 2003 and Windows XP as well, even though official support for these Windows versions has long ended.

Pope said there was partial mitigation on affected systems that had Network Level Authentication enabled.

"The affected systems are mitigated against ‘wormable’ malware or advanced malware threats that could exploit the vulnerability, as NLA requires authentication before the vulnerability can be triggered," he wrote. "However, affected systems are still vulnerable to Remote Code Execution exploitation if the attacker has valid credentials that can be used to successfully authenticate."

Commenting on the vulnerability, Phil Kernick, co-founder and chief technology officer of cyber security specialist CQR Consulting, told iTWire: "While any critical vulnerability like this should be addressed immediately, the only affected systems are very old, and businesses should have already had a program to upgrade them.

"Windows 7 end of life is January 2020, and after this date Microsoft won't be issuing any patches for security vulnerabilities for it at all."

Joanne Wong, senior regional marketing director APAC and Japan at security intelligence firm LogRhythm, told iTWire the announcement of the flaw served to remind IT users once again that to protect today’s networks and systems, organisations needed to focus closely on three key areas: IT hygiene (e.g., patching, maintenance, upgrades), a modernisation of IT with preventive security controls built in, and the ability to detect and respond to threats before they led to significant breaches.

"At the same time, we must unfortunately operate with the mindset that compromises will occur, and organisations around the world might lose data," she said.

"Hopefully, most CISOs would have implemented robust security operations and monitoring capabilities – allowing them to defend themselves and our data from breach and theft."




Sam Varghese


Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.


