The hack takes advantage of two Windows server security vulnerabilities about which Microsoft has already alerted users. There are security updates for the CVE-2020-0609 and CVE-2020-0610 vulnerabilities, but just in case you’re having second thoughts about using them, this hacker has just shown how real the threat to your system is.

Hackers can remotely manipulate your system and data

In any case, Microsoft hasn’t suggested another effective way to handle the issue, so patching seems to be the only way to keep your Windows PC safe from the threat for now. Luca recommends disabling UDP traffic for the RDG to thwart an RCE attack like the one he just demonstrated.

— Luca Marcelli (@layle_ctf) January 26, 2020 Organizations use Windows RDG to let their employees remotely connect to the company’s IT resources via any device with a remote desktop client application. Such a connection should generally be secure and hack-proof, especially if it incorporates multi-factor authentication. But in an RCE attack that exploits Windows RDG security weaknesses, a hacker doesn’t have to submit the correct user credentials to access company files. That’s because the attack takes place before the activation of authentication protocols.

Patching your system is the only way to stay safe

The RDG itself gives the intruder the prerequisite remote access, so they don’t even have to be physically there to execute their malicious code. Worse still, the intrusion is stealth, seeing as the “specially crafted requests” to the target system or device require no user interactions to get through. Microsoft says that a successful exploit of this vulnerability could enable a hacker to deploy new programs or view/ alter data. Organizations holding sensitive personal information wouldn’t want to take that risk, especially against the backdrop of more stringent data protection regulations worldwide. The Windows operating system maker has, in the past, identified other Remote Desktop Protocol (RDP) vulnerabilities that may be worth your attention. There are fixes for these bugs too. To be on the safe side, consider keeping pace with the latest Patch Tuesday updates.

READ NEXT: Best anti-hacking software for Windows 10 [2020 Guide]

Name * Email * Commenting as . Not you? Save information for future comments
Comment

Δ