Vulnerability Impacts Remote Desktop Connection
Windows 7 Remote Desktop Connections will require VPN
Microsoft has identified a high risk vulnerability affecting all computers running Windows 7, and is developing a patch. WPI Information Technology (IT) will take action while awaiting the patch.
An unauthenticated attacker could connect to a Windows 7 system using Remote Desktop Protocol (RDP). This vulnerability is pre-authentication and requires no user interaction. An attacker who successfully exploited this vulnerability could execute arbitrary code on the targeted system. An attacker could then install malicious programs; view, change, or delete data; or create new accounts with full user rights.
Action will be taken by WPI IT, and action is required by users. Please see details for more information regarding:
- Virtual Private Network (VPN) requirement
- Patch installation
Please see buttons below for VPN information and Microsoft's announcement.
Microsoft is developing a patch. While we await its release, beginning at 5 PM today IT will temporarily block remote access from outside unless you are using VPN, except the terminal server at windows.wpi.edu.
When the patch is available IT will install it on all IT-managed Windows 7 systems connected to the ADMIN domain, and remove the block.
Owners of Windows 7 systems that are not on the ADMIN domain must apply this patch manually.
Timeline & Updates
16 May 2019, 10:00 AM
Microsoft Patch Application Scheduled
Microsoft has released a patch to mitigate the Remote Desktop Connection vulnerability. IT has scheduled its application to Windows 7 computers during next week's monthly maintenance.
Posted: 15 May 2019, 11:30 AM
Start: 15 May 2019, 10:00 AM