HKCert
Security Blog

HKCERT Urges Microsoft Windows Users to Patch up RDS Vulnerability

Release Date: 23 / 05 / 2019
Last Update: 24 / 05 / 2019

(Hong Kong, 23 May 2019) In light of Microsoft’s earlier discovery of a vulnerability in the Remote Desktop Services (RDS) of the Windows system, the Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT) of the Hong Kong Productivity Council is urging Microsoft Windows users to promptly go to the official website to download and install the relevant security patch to close system loopholes. Otherwise, they are advised to keep their RDS offline temporarily to minimise risk.

Microsoft earlier reported a vulnerability in the RDS of several Windows versions which hackers could exploit to trigger remote code execution on the targeted system, and to inject malware to further infect computers in the same network. Latest information from overseas cyber security research organisations has indicated that attack tools are being developed which can evolve into a worm-like outbreak on the Internet, posing a serious threat to cyber security.

Some Hong Kong companies which outsource their IT services will open their RDS for remote technical support from their service providers, making them more vulnerable to remote attacks. Once the hackers inject malware into the user machines, it can lead to larger scale infection in the internal network and spread across the Internet. Based on past experience, hackers might launch their attacks on Friday afternoon and during the weekend when cyber security cover tends to be low. Hence, heightened vigilance is advised.

At the same time, affected Microsoft Windows users can take the following remedial actions:

  1. Apply patches for the vulnerability, or else they should keep their RDS offline;
  2. Unless really necessary, do not turn on RDS;
  3. If RDS is required, secure configuration should be applied, such as enabling Network Level Authentication and restricting IP addresses via system configuration or firewall rule;
  4. Backup critical data; and
  5. IT administrators should use group policy to apply related controls in their organization (e.g. disabling RDS if not necessary, restricting IP addresses, and changing the default port number for RDS). They should also closely monitor logs for the internal network and take necessary actions to tackle cyber attacks.
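
The configuration checks from items 2, 3 and 5 above, written as a read-only PowerShell audit. This is an added example, not a script from HKCERT or Microsoft; the function names are hypothetical, and it assumes the standard Terminal Server registry locations and the English "Remote Desktop" firewall rule group.

```powershell
# Added example: read-only audit of the RDS settings named in the list above.
# Run in an elevated PowerShell session on the Windows host being checked.
$local  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdpTcp = "$local\WinStations\RDP-Tcp"
$policy = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'

# A value set through Group Policy overrides the locally configured one.
function Get-EffectiveValue([string]$Name, [string]$LocalPath) {
    foreach ($path in $policy, $LocalPath) {
        $item = Get-ItemProperty -Path $path -Name $Name -ErrorAction SilentlyContinue
        if ($null -ne $item) {
            return [pscustomobject]@{ Value = $item.$Name; FromPolicy = ($path -eq $policy) }
        }
    }
    return [pscustomobject]@{ Value = $null; FromPolicy = $false }
}

function Get-RdsAudit {
    $deny = Get-EffectiveValue 'fDenyTSConnections' $local    # 1 = RDS connections refused
    $nla  = Get-EffectiveValue 'UserAuthentication' $rdpTcp   # 1 = NLA required
    $port = (Get-ItemProperty -Path $rdpTcp -Name PortNumber).PortNumber

    # Enabled inbound allow rules of the built-in group (English display name)
    # whose remote address filter is "Any", i.e. not restricted by source IP.
    # Custom rules created for a non-default port are not in this group.
    $unrestricted = @(Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -ErrorAction SilentlyContinue |
        Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' -and $_.Action -eq 'Allow' } |
        Where-Object { ($_ | Get-NetFirewallAddressFilter).RemoteAddress -contains 'Any' })

    # A missing fDenyTSConnections value is reported as "enabled" so it gets reviewed.
    $rdsOn = ($deny.Value -ne 1)
    $findings = @()
    if ($rdsOn -and $nla.Value -ne 1)          { $findings += 'NLA is not required' }
    if ($rdsOn -and $unrestricted.Count -gt 0) { $findings += 'Firewall allows RDS from any address' }

    [pscustomobject]@{
        RdsEnabled        = $rdsOn
        NlaRequired       = ($nla.Value -eq 1)
        SetByGroupPolicy  = ($deny.FromPolicy -or $nla.FromPolicy)
        Port              = $port
        UnrestrictedRules = $unrestricted.DisplayName
        Findings          = $findings
    }
}

Get-RdsAudit | Format-List
```

The script changes nothing on the host; an empty `Findings` list with `RdsEnabled` true still leaves item 1, the patch itself, to be confirmed separately.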

At present, the security patch can be downloaded from the related software provider. It even covers some of those Windows versions whose support has already expired. However, there are websites claiming to provide patch software related to this vulnerability. HKCERT recommends that users go to the official software provider website for the patch software to avoid unnecessary risks.

Should users have any question on the related vulnerability, they are most welcome to contact HKCERT via email: [email protected] or its 24-hour telephone hotline: 8105 6060. Its experts are ready to provide respective assistance and security advisory. HKCERT will continue monitoring the latest development of this vulnerability. Should there be any further updates, it will accordingly inform the public.

Reference Link: https://www.hkcert.org/my_url/en/alert/19051507