Mitigating serious vulnerabilities in Windows software
NCSC and HMRC have highlighted that ‘serious vulnerabilities’ in the Windows Remote Desktop Protocol (RDP) service recently became public.
These are referred to as BlueKeep and affect older versions of Windows (not 8 and 10). Microsoft has issued urgent updates for affected systems, unusually including updates for Windows XP systems, as it previously did for the WannaCry threat.
In its weekly threat report, the NCSC highlighted that over one million systems were still vulnerable. It is essential to install updates to your operating systems and software regularly. This can ensure that criminals are unable to identify and exploit old and vulnerable versions of RDP.
There are a number of defences that can be employed to use RDP safely, such as connecting to your office via a Virtual Private Network (VPN) first, which has other security benefits when working away from the office.