We all know the internet is a place rife with viruses and hackers. We are told time and time again to tread warily the digital halls of this indispensable tool, but now it appears that simply keeping antivirus software up-to-date is not enough.
On March 13th Microsoft issued a statement regarding a recently discovered vulnerability in Remote Desktop Protocol (RDP) for all Windows operating systems up to, and including, the preview of Windows 8.
RDP is a way for computers to access one another’s information without having to be physically connected.
The problem is RDP is essentially a backdoor that allows unauthorised access into your computer, if you have it enabled. What makes it worse is that remote access does not require authentication by you in order to happen; RDP is automatically allowed through firewalls because it is so useful in day-to-day activities.
This means you won’t get a pop-up from your firewall asking if you want to allow or block access, and consequently you won’t know there’s a problem until it’s too late.
But before you panic, the good news is that Windows has RDP disabled by default for the average user like you and me. However, some workplaces have RDP enabled, so it would be a good idea to check next time you’re at the office.
Users that have Remote Desktop Access enabled are at risk
The solution: Microsoft has issued security update MS12-020 which will download and install automatically for the majority of Windows users. If you don’t have automatic updating you will have to install it manually.
To protect your computer further, you can enable Network Level Authentication (NLA). This means that you must give permission before a remote desktop session can take place, so shady hackers cannot covertly access your computer without your say-so.
So remember to apply the latest security patches; make sure your anti-virus software is up-to-date (now would be a good time to run that scan you keep putting off); and never click on something that looks even remotely suspicious.
For details visit the Microsoft blog:
Microsoft Security Update