Wednesday, 15 May 2019 07:41

Microsoft says remote desktop flaw could lead to another WannaCry

Microsoft has warned of the likelihood of another WannaCry-like episode if a remotely exploitable vulnerability in its Remote Desktop Services, announced as part of its monthly updates for May, is not patched as soon as possible.

The vulnerability was discovered by the UK's National Cyber Security Centre.

In a blog post, Simon Pope, the director of Incident Response at the Microsoft Security Response Centre, said the Remote Desktop Protocol itself was not vulnerable.

He said vulnerable systems that were still supported by the company included Windows 7, Windows Server 2008 R2, and Windows Server 2008. Windows 8 and Windows 10 are not affected by this vulnerability.

"This vulnerability is pre-authentication and requires no user interaction," Pope said. "In other words, the vulnerability is ‘wormable’, meaning that any future malware that exploits this vulnerability could propagate from vulnerable computer to vulnerable computer in a similar way as the WannaCry malware spread across the globe in 2017.

"While we have observed no exploitation of this vulnerability, it is highly likely that malicious actors will write an exploit for this vulnerability and incorporate it into their malware."

WannaCry hit computers around the world on 13 May two years ago. The ransomware, crafted using a leaked NSA exploit, locked Windows systems at hospitals in Britain and at various organisations in other countries, bringing them to their knees, and demanded payment.

Underlining the seriousness of the flaw, Microsoft released patches for Windows 2003 and Windows XP as well, even though official support for these Windows versions has long ended.

Pope said there was partial mitigation on affected systems that had Network Level Authentication enabled.

"The affected systems are mitigated against ‘wormable’ malware or advanced malware threats that could exploit the vulnerability, as NLA requires authentication before the vulnerability can be triggered," he wrote. "However, affected systems are still vulnerable to Remote Code Execution exploitation if the attacker has valid credentials that can be used to successfully authenticate."
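The mitigation Pope describes can be checked per host. The script below is an added example, not code from Microsoft or iTWire: it reads the standard Windows registry settings for Remote Desktop and NLA and matches the product name against the versions named in this article. The helper names `Get-RegValue` and `Get-RdpExposure` are hypothetical.

```powershell
# Added example: classify this host's RDP exposure from local registry settings.
# Helper names (Get-RegValue, Get-RdpExposure) are hypothetical; run on the host being audited.

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Return $null instead of throwing when the key or value is absent.
    try { (Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop).$Name }
    catch { $null }
}

function Get-RdpExposure {
    $ts     = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    $policy = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
    $os     = Get-RegValue 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion' 'ProductName'

    # Versions the article names as receiving a patch (supported and out-of-support).
    $affected = $os -match 'Windows 7|Server 2008|Server 2003|Windows XP'

    # fDenyTSConnections = 0 means Remote Desktop connections are accepted.
    # A Group Policy value, when present, overrides the local one.
    $deny = Get-RegValue $policy 'fDenyTSConnections'
    if ($null -eq $deny) { $deny = Get-RegValue $ts 'fDenyTSConnections' }
    $rdpOn = $deny -eq 0

    # UserAuthentication = 1 means NLA is required before a session is set up.
    $nla = Get-RegValue $policy 'UserAuthentication'
    if ($null -eq $nla) { $nla = Get-RegValue "$ts\WinStations\RDP-Tcp" 'UserAuthentication' }
    $nlaOn = $nla -eq 1

    if (-not $affected)  { $state = 'Not in the affected list' }
    elseif (-not $rdpOn) { $state = 'Affected, RDP not accepting connections: patch' }
    elseif ($nlaOn)      { $state = 'Affected, NLA on: pre-auth path closed, patch still required' }
    else                 { $state = 'Affected, NLA off: reachable pre-authentication, patch first' }

    New-Object PSObject -Property @{
        ProductName = $os; RdpEnabled = $rdpOn; NlaRequired = $nlaOn; State = $state
    }
}

Get-RdpExposure | Format-List
```

A host reported with NLA on is only partially mitigated, as the quote above states: it still needs the patch because an attacker with valid credentials can authenticate first.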

Commenting on the vulnerability, Phil Kernick, co-founder and chief technology officer of cyber security specialist CQR Consulting, told iTWire: "While any critical vulnerability like this should be addressed immediately, the only affected systems are very old, and businesses should have already had a program to upgrade them.

"Windows 7 end of life is January 2020, and after this date Microsoft won't be issuing any patches for security vulnerabilities for it at all."

Joanne Wong, senior regional marketing director APAC and Japan at security intelligence firm LogRhythm, told iTWire the announcement of the flaw served to remind IT users once again that to protect today’s networks and systems, organisations needed to focus closely on three key areas: IT hygiene (e.g., patching, maintenance, upgrades), a modernisation of IT with preventive security controls built in, and the ability to detect and respond to threats before they led to significant breaches.

"At the same time, we must unfortunately operate with the mindset that compromises will occur, and organisations around the world might lose data," she said.

"Hopefully, most CISOs would have implemented robust security operations and monitoring capabilities – allowing them to defend themselves and our data from breach and theft."




Sam Varghese


Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.


