What is it?

Remote Desktop Protocol (RDP) lets a remote user take interactive control of a Windows computer over the network, as if sitting at its keyboard. The RDP server (Remote Desktop Services) is built into Windows; Microsoft also ships RDP clients for macOS, iOS and Android, and third-party clients exist for Linux. RDP is used by many people to work from home, and by IT support departments to perform remote maintenance and troubleshooting. By default the service listens on TCP port 3389 (newer versions also use UDP 3389).

Why is it a risk?

Because it is ubiquitous and powerful, RDP has had a long series of vulnerabilities disclosed; the Rapid7 link below details a number of them. These vulnerabilities are in Microsoft's implementation, and they affect Windows clients as well as Windows servers, since both run the same RDP components. Their impact varies widely: some only leak information, while the worst allow an unauthenticated attacker to run code with SYSTEM privileges, which is full control of the machine. Note that the two CVEs often cited alongside them from the May 2019 patch release are not RDP flaws at all: CVE-2019-0932 is an information-disclosure bug in Skype for Android, and CVE-2019-0863 is an elevation-of-privilege bug in Windows Error Reporting that lets a local attacker gain administrator rights.

How can you mitigate the risk?

The best approach is to not expose RDP to the Internet at all. Use firewall rules to block inbound port 3389 (TCP and UDP) from the Internet, or allow it only from specific source IP addresses such as your VPN concentrator or a jump host. Filtering by MAC address does not work here: MAC addresses are only visible on the local network segment and are not carried across the Internet. Where remote access is required, put RDP behind a VPN or a Remote Desktop Gateway with multi-factor authentication, and require Network Level Authentication (NLA) so that a connection must authenticate before a session is created.

Keeping Windows patched is essential: most RDP exploits target bugs that Microsoft has already fixed. Supported versions of Windows receive these fixes through Windows Update (or WSUS in a managed environment), so confirm that updates are actually being installed rather than assuming they are. If you are running a version that is out of support and have no extended support agreement with Microsoft, upgrade; in the meantime, Microsoft has occasionally released stand-alone patches for critical RDP vulnerabilities even on unsupported versions, which you can obtain from the update site linked below.
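As an added example, not code from the original page or from the UC Berkeley and CISA guidance it links to, the following PowerShell script applies the two mitigations above on a single Windows host: it scopes the built-in Remote Desktop firewall rules to one management subnet, enforces NLA and TLS on the RDP listener, lists any remaining inbound rule that would still allow port 3389 from elsewhere, and shows the most recently installed updates. The management subnet 10.20.30.0/24 is a placeholder; run it in an elevated PowerShell session on Windows 8.1 / Server 2012 R2 or later, where the NetSecurity cmdlets are available.

```powershell
#Requires -RunAsAdministrator
# Added example: audit and restrict RDP exposure on one Windows host.
# Assumption: 10.20.30.0/24 is the subnet your VPN or jump host uses; replace it.
$ManagementSubnet = '10.20.30.0/24'

# 1. Is RDP enabled at all? fDenyTSConnections = 1 means the listener is off.
$tsPath = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdpEnabled = (Get-ItemProperty -Path $tsPath -Name fDenyTSConnections).fDenyTSConnections -eq 0
Write-Host "RDP enabled on this host: $rdpEnabled"

# 2. Require Network Level Authentication and the TLS security layer, so a client
#    must authenticate before a session is created and the pre-auth attack surface
#    of the legacy RDP security layer is not reachable.
$rdpTcp = Join-Path $tsPath 'WinStations\RDP-Tcp'
Set-ItemProperty -Path $rdpTcp -Name UserAuthentication -Value 1 -Type DWord   # 1 = NLA required
Set-ItemProperty -Path $rdpTcp -Name SecurityLayer      -Value 2 -Type DWord   # 2 = TLS

# 3. Scope the built-in "Remote Desktop" rule group (TCP and UDP 3389) to the
#    management subnet. Traffic from any other source hits the default inbound block.
Get-NetFirewallRule -DisplayGroup 'Remote Desktop' |
    Set-NetFirewallRule -Enabled True -RemoteAddress $ManagementSubnet

# 4. Report every enabled inbound allow rule that still opens port 3389, with the
#    remote addresses it permits. A RemoteAddress of "Any" here is the problem.
Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True |
    Where-Object { ($_ | Get-NetFirewallPortFilter).LocalPort -contains '3389' } |
    ForEach-Object {
        $remote = ($_ | Get-NetFirewallAddressFilter).RemoteAddress
        [pscustomobject]@{
            Rule          = $_.DisplayName
            RemoteAddress = ($remote -join ', ')
        }
    } | Format-Table -AutoSize

# 5. Patch state: the most recently installed updates. An old date here means
#    Windows Update is not actually running, whatever the policy says.
Get-HotFix |
    Sort-Object InstalledOn -Descending |
    Select-Object -First 5 HotFixID, Description, InstalledOn |
    Format-Table -AutoSize
```

Steps 3 and 4 only cover the host firewall; the perimeter firewall still needs its own rule blocking 3389 from the Internet, since a host rule protects nothing if the machine is later moved or its firewall profile changes.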

The University of California, Berkeley link below provides excellent advice on securing RDP.

The United States CISA link below provides information about recent high-risk vulnerabilities, including those in Remote Desktop components.

Resources:

UC Berkeley guide to securing RDP
https://security.berkeley.edu/education-awareness/best-practices-how-tos/system-application-security/securing-remote-desktop-rdp

Microsoft Update (legacy site; requires Internet Explorer)
https://update.microsoft.com

US Cybersecurity and Infrastructure Security Agency (CISA)
https://us-cert.cisa.gov/ncas/alerts/aa20-014a

Rapid7 RDP Vulnerabilities Details
https://blog.rapid7.com/2017/08/09/remote-desktop-protocol-exposure/
