If Windows is prompting you to update right now, you’re strongly advised to give in and click the button at your earliest convenience.
That’s because the Windows update that rolled out this week (August 13, 2019) fixes a serious vulnerability in Remote Desktop Services that could allow a hacker to achieve remote code execution.
Far more concerning, however, is the fact that the vulnerability is ‘wormable’. This means that, if it is left unpatched, malware exploiting it could spread from computer to computer without any user intervention.
Microsoft’s Simon Pope brought this to light in a recent Microsoft Security Response Center blog post, describing the vulnerabilities as ‘critical’.
If any computers inside your organisation are running Windows 7 SP1, Windows Server 2008 R2 SP1, Windows Server 2012, Windows 8.1, Windows Server 2012 R2, or any supported version of Windows 10, you need to check that the latest update has been installed and that those systems have been rebooted.
If not, Microsoft strongly suggests that you do the update as soon as possible.
The older operating systems Windows XP, Windows Server 2003, and Windows Server 2008 are not affected, and neither is the Remote Desktop Protocol (RDP) itself.
More modern Windows PCs that are set to automatically download and install updates should already have these fixes installed, but it’s recommended that businesses double-check anyway.
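One way to carry out that check on a single machine, as an added example that is not from the article or from Microsoft: it reports whether an expected update is present and whether a restart is still outstanding. The KB identifier is a placeholder (the article names none), the function name Get-RdsPatchStatus is hypothetical, and Windows PowerShell 3.0 or later is assumed.

```powershell
# Added example (not from the article). Run locally in Windows PowerShell 3.0+.
# 'KB0000000' is a placeholder: the article gives no KB numbers. Use the KB for
# each OS version from Microsoft's advisory, plus any later cumulative update
# that supersedes it.
$ExpectedKbs = @('KB0000000')

function Get-RdsPatchStatus {
    param([Parameter(Mandatory = $true)][string[]]$KbIds)

    $os = Get-CimInstance -ClassName Win32_OperatingSystem
    $installed = @(Get-HotFix | Where-Object { $KbIds -contains $_.HotFixID })

    # Markers Windows sets while a servicing operation still needs a restart.
    $pendingKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\RebootPending',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired'
    )
    $rebootPending = [bool]($pendingKeys | Where-Object { Test-Path -Path $_ })

    # InstalledOn holds only a date and can be empty, so the boot-time comparison
    # is coarse; the pending-reboot markers above are the stronger signal.
    $installDate = $installed | Where-Object { $_.InstalledOn } |
        Sort-Object InstalledOn | Select-Object -Last 1 -ExpandProperty InstalledOn
    $bootedSince = ($null -ne $installDate) -and ($os.LastBootUpTime -ge $installDate)

    [pscustomobject]@{
        Computer       = $env:COMPUTERNAME
        OS             = $os.Caption
        Build          = $os.Version
        PatchInstalled = $installed.Count -gt 0
        InstalledKb    = ($installed | ForEach-Object { $_.HotFixID }) -join ','
        LastBoot       = $os.LastBootUpTime
        RebootPending  = $rebootPending
        Compliant      = ($installed.Count -gt 0) -and $bootedSince -and (-not $rebootPending)
    }
}

Get-RdsPatchStatus -KbIds $ExpectedKbs | Format-List
```

A pending-reboot marker left by an unrelated update also makes Compliant false, which errs on the side of rechecking the machine.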
These critical vulnerabilities were discovered during a recent effort by Microsoft to ‘harden’ Remote Desktop Services. Fortunately, Microsoft says it is not aware that the vulnerabilities were known to ‘any third parties’.
[Source: Microsoft Security Response Centre]