Remote Desktop Services Remote Code Execution
Table of Contents
Option 1: Patch the Host
Microsoft released patches, KB4493471 and KB4493472, addressing this vulnerability. Install one of the patches from the Microsoft Update Catalog for the corresponding host operating system. See Microsoft’s update guide here
Option 2: Enable NLA on the Host
Enable Network Level Authentication (NLA) on systems running supported editions of Windows 7, Windows Server 2008, and Windows Server 2008 R2 You can enable Network Level Authentication to block unauthenticated attackers from exploiting this vulnerability. With NLA turned on, an attacker would first need to authenticate to Remote Desktop Services using a valid account on the target system before attempting to exploit the vulnerability.
Steps to Enable NLA:
- On the vulnerable host, from the Start Menu, access Control Panel > System and Security > System > Remote settings > Remote tab > Remote Desktop
- Check these options:
Allow remote connections to this computer
Allow connections only from computers running Remote Desktop with Network Level Authentication (recommended)