RDP Security Bulletin
Last week Microsoft released a security bulletin stating that there was a vulnerability reported within their RDP (Remote Desktop Protocol). This vulnerability could allow an attacker to execute code remotely to a machine without needing to logon to the machine.
This vulnerability impacts the following systems:
Windows Server 2003, Windows XP, Windows Server 2008, Windows Vista and Windows 7.
If you have automatic updates set on the machine(s), then you may already have the patch installed that fixes this vulnerability. If you are not running automatic updates, ensure that the users manually perform the windows updates so this issue is fixed.
Either way, you should verify the system has been patched and look for KB updates 2667402 or 2621440 (only one needs to be present in the list).
To do this go to Add/Remove programs (depending on your operating system) and then make sure to show installed updates. That is where you should see one of the updates above. If not you should run Windows Update and make sure the patch is installed.
In addition to the update we also recommend going on each of your computers and turning on Network Level Authentication (NLA) if it is supported, and you have remote desktop turned on. NLA is supported on all machines running Windows Vista, 7, and Server 2008. We anticipate additional RDP attacks, and turning on NLA should help mitigate that possibility. To turn on NLA, click the start menu, and right click on Computer. Select Properties…and then select “Advanced system settings” from the left side of the window that appears. Click the Remote Tab, then under “Remote Desktop” select the last option – “Allow connections only from computers running Remote Desktop with Network Level Authentication (more secure)”.