Remote Desktop Protocol is a very handy tool. As the name suggests, it allows you to take remote control of a desktop, and it is commonly used for everything from logging into a remote server to change settings, to helping a long-distance friend get their printer installed, to logging onto your home machine to start a Steam download and install so your game will be ready when you get home from work. Unfortunately it also opens up a way into your PC for attackers, though thanks to the Network Level Authentication feature added in Vista and later versions of Windows, PCs on an authenticated network are much safer than they would be without it. NLA will not exist on home workgroups, however, nor is it supported by versions of Windows prior to Vista. That is why The Register warns of an RDP vulnerability that Microsoft will be patching next Patch Tuesday: older machines as well as home machines could be at risk if someone launches an attack before the patch is released and installed. In the meantime you might want to disable RDP unless you actually use it regularly.
"The critical flaw covers all versions of Windows and is found in the Remote Desktop Protocol (RDP). It allows attackers to run code remotely behind the firewall, although Vista users and above can activate the Remote Desktop’s Network Level Authentication (NLA) to trigger an authentication request. RDP is disabled by default, but is often activated."
Here is some more Tech News from around the web:
- White House CIO Describes His ‘Worst Day’ Ever @ Slashdot
- Apple patches steaming heap of Safari bugs @ The Register
- EC researchers demo multi-gigabit fibre-to-the-home @ The Register
- Canon PowerShot A4000 IS Review @ TechReviewSource
- Sharkoon at CeBIT 2012 @ XSReviews
- Win a DS212j NAS with Synology @ Kitguru
Another extra precautionary measure would be to change the default port from 3389 to anything else.
You can find it in ‘HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp’
Do not forget to add an exception for the new port in whatever firewall you’re using (Windows/3rd party) and disable the default RDP port rule for 3389.
Cheers 🙂
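An added example, not part of the article or of the comment above: a read-only PowerShell audit of the settings discussed so far (whether RDP is enabled, whether NLA is required, which port is configured, and whether a firewall rule still allows it). It assumes an elevated session on Windows 8 / Server 2012 or later, where `Get-NetTCPConnection` and `Get-NetFirewallRule` are available, and an English-language system where the built-in rule group is named "Remote Desktop"; the function name `Get-RdpExposure` is made up for this example.

```powershell
# Added example: read-only audit of local RDP exposure. Changes nothing.
$ts  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$tcp = Join-Path $ts 'WinStations\RDP-Tcp'

function Get-RdpExposure {
    # fDenyTSConnections = 1 means Remote Desktop is disabled
    $deny = (Get-ItemProperty -Path $ts  -Name fDenyTSConnections).fDenyTSConnections
    # UserAuthentication = 1 means Network Level Authentication is required
    $nla  = (Get-ItemProperty -Path $tcp -Name UserAuthentication).UserAuthentication
    # PortNumber is the listener port (3389 unless it has been changed)
    $port = (Get-ItemProperty -Path $tcp -Name PortNumber).PortNumber

    # Is a socket actually listening on the configured port?
    $listening = [bool](Get-NetTCPConnection -State Listen -LocalPort $port `
                        -ErrorAction SilentlyContinue)

    # Enabled inbound rules in the built-in Remote Desktop group
    $rules = @(Get-NetFirewallRule -DisplayGroup 'Remote Desktop' `
                   -ErrorAction SilentlyContinue |
               Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' })

    $findings = @()
    if ($deny -eq 0 -and $nla -ne 1) {
        $findings += 'RDP is enabled without NLA: enable NLA or disable RDP'
    }
    if ($deny -eq 1 -and $rules.Count -gt 0) {
        $findings += 'RDP is disabled but its firewall rules are still enabled'
    }
    if ($port -ne 3389 -and $rules.Count -gt 0) {
        $findings += 'Port was changed; check that no rule still opens 3389'
    }

    [pscustomobject]@{
        RdpEnabled       = ($deny -eq 0)
        NlaRequired      = ($nla -eq 1)
        Port             = $port
        Listening        = $listening
        EnabledFwRules   = $rules.Count
        Findings         = $findings
    }
}

Get-RdpExposure | Format-List

# Remediation (commented out on purpose; review before running):
# Set-ItemProperty -Path $ts  -Name fDenyTSConnections -Value 1   # disable RDP
# Set-ItemProperty -Path $tcp -Name UserAuthentication -Value 1   # require NLA
```

A changed `PortNumber` only takes effect after the Remote Desktop service or the machine is restarted, so re-run the audit afterwards to confirm what is actually listening.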
I use OpenVPN to VPN in to my LAN – 3389 is not forwarded and to access my systems to RDP one would have to break in to my network first. Is this attack still a threat?
The fact you’re using OpenVPN gives you that secure tunnel… but 3389 is still the default listening port that initiates an RDP connection, VPN or not.
You’re pretty safe using a VPN tunnel.
Good tips both of you.
If you aren’t even using RDP then just disable it, but sounds like you are safe with OpenVPN