Wednesday, 15 May 2019 07:41

Microsoft says remote desktop flaw could lead to another WannaCry

Microsoft has warned of the likelihood of another WannaCry-like episode if a remotely exploitable vulnerability in its Remote Desktop Services, announced as part of its monthly updates for May, is not patched as soon as possible.

The vulnerability was discovered by the UK's National Cyber Security Centre.

In a blog post, Simon Pope, the director of Incident Response at the Microsoft Security Response Centre, said the Remote Desktop Protocol itself was not vulnerable.

He said vulnerable systems that were still supported by the company included Windows 7, Windows Server 2008 R2, and Windows Server 2008. Windows 8 and Windows 10 are not affected by this vulnerability.

"This vulnerability is pre-authentication and requires no user interaction," Pope said. "In other words, the vulnerability is ‘wormable’, meaning that any future malware that exploits this vulnerability could propagate from vulnerable computer to vulnerable computer in a similar way as the WannaCry malware spread across the globe in 2017.

"While we have observed no exploitation of this vulnerability, it is highly likely that malicious actors will write an exploit for this vulnerability and incorporate it into their malware."

WannaCry hit computers around the world on 13 May two years ago. The ransomware, crafted using a leaked NSA exploit, brought hospitals in Britain and various organisations in other countries to their knees, locking Windows systems at these institutions and demanding payment.

Underlining the seriousness of the flaw, Microsoft released patches for Windows 2003 and Windows XP as well, even though official support for these Windows versions has long ended.

Pope said there was partial mitigation on affected systems that had Network Level Authentication enabled.

"The affected systems are mitigated against ‘wormable’ malware or advanced malware threats that could exploit the vulnerability, as NLA requires authentication before the vulnerability can be triggered," he wrote. "However, affected systems are still vulnerable to Remote Code Execution exploitation if the attacker has valid credentials that can be used to successfully authenticate."
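
A host-side check of the conditions described above (an affected release, Remote Desktop accepting connections, NLA required), as an added PowerShell example that is not from Microsoft or iTWire. The function names and assessment wording are hypothetical; the version numbers and registry paths are standard Windows values rather than details from the article, and the check assumes a host is only reachable when Remote Desktop connections are enabled.

```powershell
# Added example: function names and assessment wording are hypothetical.
function Get-RegValue([string[]]$Paths, [string]$Name) {
    # Return the value from the first path that defines it (nothing if none does).
    foreach ($p in $Paths) {
        $item = Get-ItemProperty -Path $p -Name $Name -ErrorAction SilentlyContinue
        if ($null -ne $item) { return $item.$Name }
    }
}

function Get-RdsExposure {
    # Group Policy settings take precedence over the local configuration.
    $policy = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
    $local  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    $tcp    = "$local\WinStations\RDP-Tcp"

    # NT major.minor versions of the releases the article names as affected
    # or as receiving patches. A number can be shared with other releases.
    $affected = @{
        '5.1' = 'Windows XP'
        '5.2' = 'Windows Server 2003'
        '6.0' = 'Windows Server 2008'
        '6.1' = 'Windows 7 / Windows Server 2008 R2'
    }
    $os    = Get-WmiObject -Class Win32_OperatingSystem
    $ntVer = ($os.Version -split '\.')[0..1] -join '.'

    # fDenyTSConnections = 0 means Remote Desktop connections are accepted.
    $rdpOn = (Get-RegValue @($policy, $local) 'fDenyTSConnections') -eq 0
    # UserAuthentication = 1 means NLA is required before a session starts.
    $nlaOn = (Get-RegValue @($policy, $tcp) 'UserAuthentication') -eq 1

    if (-not $affected.ContainsKey($ntVer)) {
        $assessment = 'Release not named as affected in the article'
    } elseif (-not $rdpOn) {
        $assessment = 'Affected release, Remote Desktop off: patch before enabling it'
    } elseif ($nlaOn) {
        $assessment = 'Partially mitigated by NLA: still exploitable with valid credentials, patch'
    } else {
        $assessment = 'Reachable pre-authentication: patch now and require NLA'
    }
    New-Object PSObject -Property @{
        OS         = $os.Caption
        RdpEnabled = $rdpOn
        NlaEnabled = $nlaOn
        Assessment = $assessment
    }
}

Get-RdsExposure | Format-List
```

The script only reads configuration and uses cmdlets available in PowerShell 2.0, so it runs on the older releases in question.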

Commenting on the vulnerability, Phil Kernick, co-founder and chief technology officer of cyber security specialist CQR Consulting, told iTWire: "While any critical vulnerability like this should be addressed immediately, the only affected systems are very old, and businesses should have already had a program to upgrade them.

"Windows 7 end of life is January 2020, and after this date Microsoft won't be issuing any patches for security vulnerabilities for it at all."

Joanne Wong, senior regional marketing director APAC and Japan at security intelligence firm LogRhythm, told iTWire the announcement of the flaw served to remind IT users once again that to protect today’s networks and systems, organisations needed to focus closely on three key areas: IT hygiene (e.g., patching, maintenance, upgrades), a modernisation of IT with preventive security controls built in, and the ability to detect and respond to threats before they led to significant breaches.

"At the same time, we must unfortunately operate with the mindset that compromises will occur, and organisations around the world might lose data," she said.

"Hopefully, most CISOs would have implemented robust security operations and monitoring capabilities – allowing them to defend themselves and our data from breach and theft."




Sam Varghese


Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.


