Another RDP Vulnerability Found, But Microsoft Won’t Patch It

As cyber attacks using remote desktop protocol (RDP) ports become more common, one would think developers would be diligent about keeping these ports secure. As it turns out, that isn’t the case. Microsoft has been notified of a security gap found in RDP on Windows 10, starting with version 1803, and on Server 2019 or newer.

What is the Flaw?

The security flaw can be exploited to bypass the lock screen of a Windows machine, even when multi-factor authentication mechanisms are in place.

In practice, if a user locks a Windows machine while connected remotely through an RDP session and the session is then temporarily disconnected, automatic reconnection will restore the session to an unlocked state.

The Stream of Attack

First, the user connects remotely to a Windows 10 1803, Server 2019, or newer system using RDP. Then, when necessary, they lock the remote session. From there, an attacker could interrupt the network connection of the RDP client. This will cause the device to automatically reconnect and bypass the Windows screen lock. This could then allow a local attacker to gain access to the unlocked computer and all connected networks.

According to BleepingComputer, Microsoft was notified of the issue on April 19 and replied by saying that the “behavior does not meet the Microsoft Security Servicing Criteria for Windows.” Therefore, a patch will not be issued.

So, what can you do? Since patch management isn’t an option, users are encouraged to do the following:

  • Disable unused RDP ports
  • Deploy a security solution that utilizes application whitelisting — therefore, if a hacker does get in and tries to install malware, it will be blocked
  • For enterprise users, finding a security solution that minimizes the risk of hackers uninstalling the program would be best.
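One way to carry out the first recommendation on a single machine, as an added example that is not from the original article or from PC Matic. The function names `Get-RdpExposure` and `Disable-UnusedRdp` are hypothetical; the script assumes an elevated PowerShell prompt and an English-language Windows install (the firewall group is matched by its display name).

```powershell
# Added example: audit whether inbound RDP is enabled and, if unused, turn it off.
# Assumptions: elevated prompt, English display name for the firewall rule group.

$TsKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$TcpKey = "$TsKey\WinStations\RDP-Tcp"

function Get-RdpExposure {
    # fDenyTSConnections: 0 = RDP connections allowed, 1 = denied
    $deny = (Get-ItemProperty -Path $TsKey -Name fDenyTSConnections).fDenyTSConnections
    # Configured listener port (3389 unless an administrator changed it)
    $port = (Get-ItemProperty -Path $TcpKey -Name PortNumber).PortNumber
    # Is anything actually listening on that port right now?
    $listening = [bool](Get-NetTCPConnection -State Listen -LocalPort $port -ErrorAction SilentlyContinue)
    # Enabled inbound rules in the built-in "Remote Desktop" firewall group
    $rules = @(Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -ErrorAction SilentlyContinue |
               Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' })

    [pscustomobject]@{
        ComputerName        = $env:COMPUTERNAME
        RdpAllowed          = ($deny -eq 0)
        Port                = $port
        Listening           = $listening
        EnabledInboundRules = $rules.Count
    }
}

function Disable-UnusedRdp {
    [CmdletBinding(SupportsShouldProcess)]
    param()
    if ($PSCmdlet.ShouldProcess($env:COMPUTERNAME, 'Deny RDP connections and disable firewall rules')) {
        # Refuse new Remote Desktop connections
        Set-ItemProperty -Path $TsKey -Name fDenyTSConnections -Value 1
        # Close the matching inbound firewall rules
        Disable-NetFirewallRule -DisplayGroup 'Remote Desktop'
    }
}

Get-RdpExposure                # report current state
# Disable-UnusedRdp -WhatIf    # preview the change
# Disable-UnusedRdp            # apply it, then re-run Get-RdpExposure to confirm
```

If `RdpAllowed` is already `False` and `Listening` is `False`, the machine is not accepting Remote Desktop connections and no change is needed.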


20 thoughts on “Another RDP Vulnerability Found, But Microsoft Won’t Patch It”

  1. This information is useless to me. I have the dainty idea how to close ports where they are. This information is for a computer geek. I would think that pcmatic would just take care of this.

  2. (Reply to Brian B): My Windows 10 Home Edition computer (Dell Inspiron) shows “Remote Desktop Services” and “Remote Desktop Services UserMode Port Redirector” listed in Computer Management > Services. The description field for “Remote Desktop Services” says “Allows users to connect interactively to a remote computer. Remote Desktop and Remote Desktop Session Host Server depend on this service. To prevent remote use of this computer, clear the checkboxes on the Remote tab of the System properties control panel item.” Maybe PC Pitstop needs to explain the scenarios to average users a little bit better.

  3. What the F are you talking about? What IS “Remote Desktop Protocol”? How the F do I even KNOW if I have it?

    I am an ordinary person, not a computer systems professional; that is why I subscribe to PC Pitstop. There is NO point in sending me geektalk, as I won’t know what the F you’re talking about, and do not have time to investigate every unknown term you use.

    I guess I’ll simply unsubscribe to TechTalk to avoid the frustration, but I was hoping the service would be informative to me, and that I would learn more about computer security.

  4. “Another RDP Vulnerability Found, But Microsoft Won’t Patch It”

    “Microsoft Scrambles to Issue Patch for New RDP Security Hole”

    In the same newsletter. Now I’m confused.

  5. When we go on line to usual sites we use, a red screen appears saying windows is blocked and to call a number to unlock windows. We immediately shut down, wait 5 minutes and start up again. Then run PC Matic.

  6. When we go on line to usual sites we use a red screen appears saying windows is blocked and to call a number to unlock windows. We immediately shut down, wait 5 minutes and start up again.

  7. I am not a “polished” user of the computer. I just want protection which keeps my information private and safe. Frequently I receive information such as this and don’t know what to do. Usually I just ignore the information and know that is not the way to handle the matter. I rely heavily on PC Matic to take care of me. So, now what?

    • PC Matic will keep you protected; using its whitelist technology, it will prevent all unknown threats from running on your computer. However, if a hacker remotes into your PC from the RDP port, they may be able to uninstall or disable PC Matic. Therefore, if you’re not using the port, we advise disabling it entirely to eliminate that risk. You may learn more about disabling the RDP port here: https://techtalk.pcpitstop.com/2018/10/02/proactive-approach-rdp-attacks/

  8. I keep getting this and don’t know how to get rid of it: Malwarebytes Anti-Exploit has blocked an exploit attempt Application – Windows script Host
    Protection Layer Application Behavior Protection
    File/process blocked C:\progam files (x86)pcpitstop\pcmatic\cmd\c echo C:\users
    Attacking UR: N/A
    What is this doing?????
