Microsoft releases a statement about Remote Desktop Protocol RCE vulnerability discovered in the Remote Desktop Services component of Windows.
The vulnerability allows an unauthenticated attacker to connect to the target system using RDP and send special requests. A successful attack would allow the attacker to execute arbitrary code on the target system, enabling them to perform various actions such as installing programs, changing data, or creating new accounts with full user permissions.
If you run any versions of Windows prior to Windows 8, you may be affected by this vulnerability. Microsoft has released patches for Windows versions all the way back to Windows 2003/XP and they strongly advise applying the patches as soon as possible.
According to the Wall Street Journal, Microsoft took the unusual step of warning the public that the vulnerability could be used as a cyber weapon. Attackers could have the upper hand as people often are too slow to roll out security enhancements in their software.
Per Microsoft, “the vulnerability is ‘wormable’, meaning that any future malware that exploits this vulnerability could propagate from vulnerable computer to vulnerable computer in a similar way as the WannaCry malware spread across the globe in 2017. While we have observed no exploitation of this vulnerability, it is highly likely that malicious actors will write an exploit for this vulnerability and incorporate it into their malware.”
According to Alert Logic, the RCE vulnerability is pre-authentication and requires no user interaction. To exploit, an attacker would need to be able to establish a connection to a vulnerable system with RDP exposed to the public internet.