Microsoft recently disclosed a code execution vulnerability in its Remote Desktop Services. The RCE bug in Microsoft RDP could allow attackers to launch another dangerous attack like WannaCry. According to Microsoft, the bug affects old versions of Microsoft Windows, and the flaw has now been patched. More than 3 million endpoints were marked vulnerable to this RCE bug. According to security researchers, the vulnerability could lead to a WannaCry-level malware attack.
RCE bug in Microsoft RDP
Initially, the remote desktop service isn’t vulnerable to the bug. The flaw is exploited pre-authentication, and it doesn’t require any user interaction.
Currently, there is no exploit available for the bug, but attackers will surely create exploits for it in the future. Vulnerable Windows versions include Windows 7, Windows Server 2008 R2 and Windows Server 2008. Out-of-support versions, including Windows 2003 and Windows XP, are also affected. The RCE bug in Microsoft RDP affects more than 3 million endpoints.