Vulnerability Impacts Remote Desktop Connection

Windows 7 Remote Desktop Connections will require VPN

This news post has 1 update

Why

Microsoft has identified a high risk vulnerability affecting all computers running Windows 7, and is developing a patch. WPI Information Technology (IT) will take action while awaiting the patch.

Impact

An unauthenticated attacker could connect to a Windows 7 system using Remote Desktop Protocol (RDP). This vulnerability is pre-authentication and requires no user interaction. An attacker who successfully exploited this vulnerability could execute arbitrary code on the targeted system. An attacker could then install malicious programs; view, change, or delete data; or create new accounts with full user rights.

Action Needed

Action will be taken by WPI IT, and action is required by users. Please see details for more information regarding:

  • Virtual Private Network (VPN) requirement
  • Patch installation

Please see buttons below for VPN information and Microsoft's announcement.

Details

Microsoft is developing a patch. While we await its release, beginning at 5 PM today IT will temporarily block remote access from outside unless you are using VPN, except the terminal server at windows.wpi.edu.

When the patch is available IT will install it on all IT-managed Windows 7 systems connected to the ADMIN domain, and remove the block.

Owners of Windows 7 systems that are not on the ADMIN domain must apply this patch manually.


Timeline & Updates

Microsoft Patch Application Scheduled

Microsoft has released a patch to mitigate the Remote Desktop Connection vulnerability. IT has scheduled its application to Windows 7 computers during next week's monthly maintenance.

Posted: 15 May 2019, 11:30 AM

Start: 15 May 2019, 10:00 AM

Status

In Progress


Timing

From

Wednesday

15 May 2019

10:00 AM

Posted

15 May 2019, 11:30 AM


Audience

Faculty Staff Students