Vulnerability Impacts Remote Desktop Connection

Windows 7 Remote Desktop Connections will require VPN

This news post has 1 update


Microsoft has identified a high risk vulnerability affecting all computers running Windows 7, and is developing a patch. WPI Information Technology (IT) will take action while awaiting the patch.


An unauthenticated attacker could connect to a Windows 7 system using Remote Desktop Protocol (RDP). This vulnerability is pre-authentication and requires no user interaction. An attacker who successfully exploited this vulnerability could execute arbitrary code on the targeted system. An attacker could then install malicious programs; view, change, or delete data; or create new accounts with full user rights.

Action Needed

Action will be taken by WPI IT, and action is required by users. Please see details for more information regarding:

  • Virtual Private Network (VPN) requirement
  • Patch installation

Please see buttons below for VPN information and Microsoft's announcement.


Microsoft is developing a patch. While we await its release, beginning at 5 PM today IT will temporarily block remote access from outside unless you are using VPN, except the terminal server at

When the patch is available IT will install it on all IT-managed Windows 7 systems connected to the ADMIN domain, and remove the block.

Owners of Windows 7 systems that are not on the ADMIN domain must apply this patch manually.

Timeline & Updates

Microsoft Patch Application Scheduled

Microsoft has released a patch to mitigate the Remote Desktop Connection vulnerability. IT has scheduled its application to Windows 7 computers during next week's monthly maintenance.

Posted: 15 May 2019, 11:30 AM

Start: 15 May 2019, 10:00 AM


In Progress




15 May 2019

10:00 AM


15 May 2019, 11:30 AM


Faculty Staff Students