Microsoft releases guidance for dealing with remote desktop security risks

Businesses and organisations using Remote Desktop Services (RDS) should take note of new advice from Microsoft detailing how to address security challenges associated with remote systems.

The ongoing Covid-19 pandemic has caused businesses around the world to rapidly adopt remote desktop applications so that their employees can work from home.

Although RDS systems are proving useful in these exceptional circumstances, they also present a security risk. Hackers are taking advantage of their uptake, leading to an unprecedented number of cyberattacks aimed at Microsoft Remote Desktop and other RDS users.

Security challenges

As Microsoft points out, research has shown a jump over the past couple of months in the number of systems that can be accessed via the public internet using traditional and well-known “alternative” Remote Desktop Protocol (RDP) ports. 

Although commonly used for RDS, these ports have known security issues and shouldn’t be made publicly accessible for RDP without other protections (such as multi-factor authentication) in place.

James Ringold, an enterprise security advisor for the Microsoft Security Solutions Group, points out that cyber criminals can use RDP to establish a foothold on corporate networks, potentially using an insecure remote connection as an opportunity to “install ransomware on systems, or take other malicious actions”.

For IT teams wishing to address remote desktop vulnerabilities, Microsoft lists a few key considerations to take into account. These include how much lateral movement accounts are permitted (this will determine whether an attacker can access other file systems after an initial breach) and whether your RDS can be reached via the public internet.

Further, Microsoft strongly suggests that any RDS-using business carry out security audits and review firewall policies. As part of this, companies should consider scanning the public internet for exposed addresses from their network on default RDP ports like TCP 3389.
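
The exposure check described above can be run against an organisation's own address inventory. The following is an added example, not code from Microsoft's guidance or from this article; the function names and the sample inventory are hypothetical, and it assumes the script is run from a vantage point outside the corporate network against ranges the organisation owns.

```python
"""Outside-in audit: which addresses in your own inventory accept TCP on the RDP port."""
import ipaddress
import socket
from concurrent.futures import ThreadPoolExecutor

RDP_DEFAULT_PORT = 3389  # default RDP port named in the article


def expand_inventory(entries):
    """Expand single IPs and CIDR blocks into individual address strings."""
    hosts = []
    for entry in entries:
        net = ipaddress.ip_network(entry.strip(), strict=False)
        hosts.extend(str(addr) for addr in net)
    return hosts


def port_open(host, port, timeout=2.0):
    """Return True if a full TCP handshake to host:port completes."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, timed out, unreachable
        return False


def audit(entries, ports=(RDP_DEFAULT_PORT,), timeout=2.0, workers=32):
    """Return the sorted (host, port) pairs that accepted a connection."""
    targets = [(h, p) for h in expand_inventory(entries) for p in ports]
    with ThreadPoolExecutor(max_workers=workers) as pool:
        flags = pool.map(lambda t: port_open(t[0], t[1], timeout), targets)
        return sorted(t for t, is_open in zip(targets, flags) if is_open)


if __name__ == "__main__":
    # Constructed inventory: replace with the public ranges your organisation owns.
    inventory = ["127.0.0.1/32"]
    exposed = audit(inventory)
    for host, port in exposed:
        print(f"EXPOSED {host}:{port} - review firewall policy")
    print(f"{len(exposed)} exposed endpoint(s) found")
```

Any endpoint reported here is reachable at the TCP level only; whether protections such as multi-factor authentication sit in front of it still has to be confirmed separately. Additional ports in use internally can be passed through the `ports` argument.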