Vulnerability BlueKeep CVE-2019-0708
According to an update we received from the National Computer Emergency Response Team (CERT), a major cyber-attack campaign is underway.
This campaign systematically searches for, and then targets, machines affected by a well-known Windows vulnerability in the Remote Desktop Protocol (Windows RDP). By exploiting this weakness, attackers can obtain system passwords. Computers that keep RDP open appear to be the targets of this attack. The following technical steps are essential:
1. Make sure all of your Windows servers and Windows clients have the latest Microsoft updates (the vulnerability described above is resolved in the October Patch Tuesday security update released by Microsoft).
2. Prohibit any unnecessary access to Remote Desktop services on your PC, especially from outside networks, using Windows Firewall. Specifically, restrict access to the listening port for Remote Desktop (TCP port 3389).
3. Use strong passwords for accounts that are allowed to connect via Remote Desktop to your computers, and apply password complexity rules.
4. Use Network Level Authentication (NLA) on your Windows servers and Windows clients, which offers an additional level of authentication when establishing a connection to such a machine.
From the AUTH-CERT Team
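A read-only check of steps 1, 2 and 4 on a single Windows host, as an added example that is not part of the AUTH-CERT advisory. It assumes an elevated PowerShell session and the built-in NetSecurity module. It does not cover step 3 (password policy).

```powershell
# Added example: audits the RDP-related settings named in steps 1, 2 and 4.
# It only reads configuration; it changes nothing on the host.
$ts  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$tcp = "$ts\WinStations\RDP-Tcp"

# fDenyTSConnections = 0 means Remote Desktop connections are accepted.
$rdpEnabled  = (Get-ItemProperty -Path $ts  -Name fDenyTSConnections).fDenyTSConnections -eq 0
# UserAuthentication = 1 means NLA is required (step 4).
# A Group Policy setting, if one is applied, takes precedence over this local value.
$nlaRequired = (Get-ItemProperty -Path $tcp -Name UserAuthentication).UserAuthentication -eq 1
# The listener is normally on 3389; read the port rather than assume it.
$port        = (Get-ItemProperty -Path $tcp -Name PortNumber).PortNumber

# Step 2: enabled inbound allow rules that name the RDP port explicitly,
# together with the remote addresses each rule admits.
$rules = Get-NetFirewallPortFilter -Protocol TCP |
    Where-Object { $_.LocalPort -contains "$port" } |
    Get-NetFirewallRule |
    Where-Object { $_.Direction -eq 'Inbound' -and $_.Enabled -eq 'True' -and $_.Action -eq 'Allow' } |
    ForEach-Object {
        [pscustomobject]@{
            Rule          = $_.DisplayName
            Profile       = $_.Profile
            RemoteAddress = ($_ | Get-NetFirewallAddressFilter).RemoteAddress -join ','
        }
    }
$openToAny = @($rules | Where-Object { $_.RemoteAddress -eq 'Any' })

# Step 1: most recently installed update, as a rough indicator of patch currency.
$lastFix = Get-HotFix | Where-Object InstalledOn |
    Sort-Object InstalledOn -Descending | Select-Object -First 1

[pscustomobject]@{
    Computer       = $env:COMPUTERNAME
    RdpEnabled     = $rdpEnabled
    RdpPort        = $port
    NlaRequired    = $nlaRequired
    RulesOpenToAny = $openToAny.Rule -join '; '
    LastUpdate     = $lastFix.HotFixID
    LastUpdateDate = $lastFix.InstalledOn
} | Format-List

if ($rdpEnabled -and -not $nlaRequired) { Write-Warning 'RDP is enabled without NLA (step 4).' }
if ($rdpEnabled -and $openToAny) { Write-Warning "TCP $port is allowed from any address (step 2)." }
```

A host that reports `RdpEnabled : True` with a non-empty `RulesOpenToAny` is reachable on the RDP port from every network the rule's profile covers; scoping those rules to specific management addresses addresses step 2.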