See News

Serious vulnerability in Microsoft RDP protocol

A serious vulnerability has recently been discovered in Microsoft's RDP / RDS / terminal services.

The vulnerability makes it possible for an attacker to execute code remotely without authentication. Experience from the past shows that these types of vulnerabilities have the potential to be abused on a large scale. For that reason we want to draw extra attention to the security update for this vulnerability. At the moment there is no public exploit code known to exploit the vulnerability. However, we expect that this will not take long.

Exploitation of the vulnerability can be prevented through NLA (Network Level Authentication). In Windows 7 and Windows Server 2008 (R2) this option must be enabled. For more information about, among other things, this mitigation measure, see Microsoft's security advice on RDP vulnerability. This contains instructions on how to make your system secure.

My computer is managed by LISA and I probably use this protocol because I can see at home what my system is doing. Do i have to do anything?

LISA ensures that your system is provided with the new patches as quickly as possible. In some cases you will have to indicate that they must be installed as soon as possible.

I manage my Windows 10 computer and I probably use this protocol because I can see at home what my computer is doing. Do i have to do something?

Windows 10 is not vulnerable. You do not have to do anything.

It is of course advisable to install the other (security) updates.

I manage my Windows 7 computer and probably use this protocol because I can see at home what my computer is doing. Do i have to do something?

Follow the instructions in the Microsoft blog and update your system as soon as possible.