Do you use Remote Desktop services in your organization? Microsoft will lock out Windows RDP clients for their protection if they are not updated.
Microsoft has announced that it will prevent Windows Server from authenticating Windows RDP clients if they have not been patched to address a security flaw. Cyber criminals can exploit this flaw to hijack systems and to move around within your network.
Microsoft will lock out Windows RDP clients for their protection if they are not updated; however, implementation of its Credential Security Support Provider protocol (CredSSP) will solve the security issue.
In the advisory, Microsoft also stated two upcoming planned actions to address the security vulnerability. The first will be released on April 17, 2018 to update Microsoft's RDP client. According to Microsoft, this “will enhance the error message that is presented when an updated client fails to connect to a server that has not been updated.”
On May 8, Microsoft will release another update. It is “an update to change the default setting from vulnerable to mitigated”; however, more details are to follow.
Special note – If you are using third-party remote desktop clients and servers, speak with your IT partner or managed IT services provider to ensure they are using the latest Credential Security Support Provider protocol (CredSSP).
For more details on the Credential Security Support Provider protocol (CredSSP) and how it affects Windows Server 2016, Windows Server 2012, Windows 7, Windows 10, and many more, please feel free to review Microsoft’s release, CredSSP updates for CVE-2018-0886.
Our complimentary network and security assessment can put your IT infrastructure and business to the test.
365 iT SOLUTIONS is Toronto’s leading IT consulting boutique firm offering industry-leading IT solutions including Managed IT Services, IT Support Services, IT Outsourcing Services, Tech Support Services and Cloud Services.