Skip to main content

Windows Remote Desktop Bug Graded Critical

A bug has been identified in the Windows' remote desktop feature that could potentially allow attackers to bypass security and execute malicious code - with Microsoft grading it as critical.

Fortunately for anyone worried, there's already a patch available to fix up the hole. Considering this flaw affects all versions of Windows, it's probably a good idea everyone gets a hold of this latest release.

This was discussed on the Microsoft Technet blog, where authors Suha Can and Jonathan Ness, engineers in Microsoft's Security Response Centre, discussed the bug urging people not to panic. "Just to reiterate, remote desktop is not enabled by default and is not commonly enabled on client workstations," it reads.

However, at several points during the posting the pair do urge anyone that could be affected to apply the patch, or at the very least read through the post to discover some of the ways that could "harden your environment" to this sort of attack until you can apply the update.

The most obvious of these they said, is to enable Remote Desktop's Network Level Authentication. This forces anyone attempting to launch any remote code through the service, to authenticate with the server first. While this doesn't make it impossible, it does add an extra layer of complexity to anyone that might try and exploit this bug.

A simple link is provided for anyone that wants to make use of this added security measure.

Dipping his toes into almost everything that could be labeled 'nerdy' in his free time, Jon has been writing about technology for over half a decade. While mainly focusing on PC hardware thoughout this time, today he's more varied, covering everything from gaming to general electronics, industry perspectives and consoles. As well as writing for different sites, Jon enjoys wargaming, reading and PC gaming, hoping to balance out these geeky pastimes with fire spinning and MMA.