Wednesday, 15 May 2019 07:41

Microsoft says remote desktop flaw could lead to another WannaCry


Microsoft has warned of the likelihood of another WannaCry-like episode if a remotely exploitable vulnerability in its Remote Desktop Services, announced as part of its monthly updates for May, is not patched as soon as possible.

The vulnerability was discovered by the UK's National Cyber Security Centre.

In a blog post, Simon Pope, the director of Incident Response at the Microsoft Security Response Centre, said the Remote Desktop Protocol itself was not vulnerable.

He said vulnerable systems that were still supported by the company included Windows 7, Windows Server 2008 R2, and Windows Server 2008. Windows 8 and Windows 10 are not affected by this vulnerability.

"This vulnerability is pre-authentication and requires no user interaction," Pope said. "In other words, the vulnerability is ‘wormable’, meaning that any future malware that exploits this vulnerability could propagate from vulnerable computer to vulnerable computer in a similar way as the WannaCry malware spread across the globe in 2017.

"While we have observed no exploitation of this vulnerability, it is highly likely that malicious actors will write an exploit for this vulnerability and incorporate it into their malware."

WannaCry hit computers around the world on 13 May two years ago, with a leaked NSA exploit being used to craft the ransomware that brought hospitals in Britain and various organisations in other countries to their knees, with demands for payment after the malware was used to lock Windows systems at these institutions.

Underlining the seriousness of the flaw, Microsoft released patches for Windows 2003 and Windows XP as well, even though official support for these Windows versions has long ended.

Pope said there was partial mitigation on affected systems that had Network Level Authentication enabled.

"The affected systems are mitigated against ‘wormable’ malware or advanced malware threats that could exploit the vulnerability, as NLA requires authentication before the vulnerability can be triggered," he wrote. "However, affected systems are still vulnerable to Remote Code Execution exploitation if the attacker has valid credentials that can be used to successfully authenticate."
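To see which side of that distinction a given machine falls on, the following added example (not code from Microsoft or iTWire) reports whether the local host runs an affected Windows version, accepts RDP connections, and requires NLA. The registry locations and value names are the standard Terminal Services ones and are assumptions in the sense that the article does not name them; patch state is deliberately not checked because the article gives no update identifier.

```powershell
# Added example: read-only report of RDP and NLA state on the local host.
# Written for PowerShell 2.0 so it runs on Windows 7 / Server 2008 R2 as shipped.
# Registry locations are the standard Terminal Services ones, not taken from the article.
$ts     = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdpTcp = "$ts\WinStations\RDP-Tcp"
$policy = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'

function Get-RegValue($Path, $Name) {
    # Returns $null when the key or the value does not exist.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($item) { $item.$Name } else { $null }
}

function Get-EffectiveValue($Name, $LocalPath) {
    # A Group Policy value, when present, overrides the local setting.
    $fromPolicy = Get-RegValue $policy $Name
    if ($fromPolicy -ne $null) { return $fromPolicy }
    Get-RegValue $LocalPath $Name
}

$os = Get-WmiObject -Class Win32_OperatingSystem
# Versions below 6.2 (Windows 8) cover the releases the article names:
# XP 5.1, Server 2003 5.2, Server 2008 6.0, Windows 7 / Server 2008 R2 6.1.
$affectedOs  = ([version]$os.Version) -lt ([version]'6.2')
$rdpEnabled  = (Get-EffectiveValue 'fDenyTSConnections' $ts) -eq 0
$nlaRequired = (Get-EffectiveValue 'UserAuthentication' $rdpTcp) -eq 1

if (-not $affectedOs) {
    $state = 'OS version outside the affected range'
} elseif (-not $rdpEnabled) {
    $state = 'Affected OS, RDP connections disabled'
} elseif ($nlaRequired) {
    $state = 'Affected OS, NLA required: partial mitigation, exploitable only with valid credentials'
} else {
    $state = 'Affected OS, RDP enabled without NLA: reachable before authentication'
}

# Patch state is not checked here: the article gives no update identifier.
New-Object PSObject -Property @{
    Computer    = $env:COMPUTERNAME
    OS          = $os.Caption
    Version     = $os.Version
    RdpEnabled  = $rdpEnabled
    NlaRequired = $nlaRequired
    Assessment  = $state
}
```

A missing `fDenyTSConnections` value is reported as RDP disabled, so treat that result as "unknown" on hosts where the key has been removed.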

Commenting on the vulnerability, Phil Kernick, co-founder and chief technology officer of cyber security specialist CQR Consulting, told iTWire: "While any critical vulnerability like this should be addressed immediately, the only affected systems are very old, and businesses should have already had a program to upgrade them.

"Windows 7 end of life is January 2020, and after this date Microsoft won't be issuing any patches for security vulnerabilities for it at all."

Joanne Wong, senior regional marketing director APAC and Japan at security intelligence firm LogRhythm, told iTWire the announcement of the flaw served to remind IT users once again that to protect today’s networks and systems, organisations needed to focus closely on three key areas: IT hygiene (e.g., patching, maintenance, upgrades), a modernisation of IT with preventive security controls built in, and the ability to detect and respond to threats before they led to significant breaches.

"At the same time, we must unfortunately operate with the mindset that compromises will occur, and organisations around the world might lose data," she said.

"Hopefully, most CISOs would have implemented robust security operations and monitoring capabilities – allowing them to defend themselves and our data from breach and theft."




Sam Varghese


Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.


