Skip to content

Remote Desktop Services Remote Code Execution

Table of Contents

Option 1: Patch the Host

Microsoft released patches, KB4493471 and KB4493472, addressing this vulnerability. Install one of the patches from the Microsoft Update Catalog for the corresponding host operating system. See Microsoft’s update guide here

Option 2: Enable NLA on the Host

Enable Network Level Authentication (NLA) on systems running supported editions of Windows 7, Windows Server 2008, and Windows Server 2008 R2 You can enable Network Level Authentication to block unauthenticated attackers from exploiting this vulnerability. With NLA turned on, an attacker would first need to authenticate to Remote Desktop Services using a valid account on the target system before attempting to exploit the vulnerability.

Steps to Enable NLA:

  • On the vulnerable host, from the Start Menu, access Control Panel > System and Security > System > Remote settings > Remote tab > Remote Desktop
  • Check these options:
    • Allow remote connections to this computer
    • Allow connections only from computers running Remote Desktop with Network Level Authentication (recommended)