Microsoft releases guidance for dealing with remote desktop security risks

News
By last updated

Remote desktop use is on the rise but so are cyberattacks aimed at vulnerable systems

remote desktop
(Image credit: Microsoft)

Businesses and organisations using Remote Desktop Services (RDS) should take note of new advice from Microsoft detailing how to address security challenges associated with remote systems.

The on-going Covid-19 pandemic has caused businesses around the world to rapidly adopt remote desktop applications so that their employees can work from home

Although RDS systems are proving useful in these exceptional circumstances, they also present a security risk. Hackers are taking advantage of their uptake, leading to an unprecedented number of cyberattacks aimed at Microsoft Remote Desktop and other RDS users.

Security challenges

As Microsoft points out, research has shown a jump over the past couple of months in the number of systems that can be accessed via the public internet using traditional and well-known “alternative” Remote Desktop Protocol (RDP) ports. 

Although commonly used for RDS, these ports have known security issues and shouldn’t be made publicly accessible for RDP without other protections (such as multi-factor authentication) in place.

James Ringold, an enterprise security advisor for the Microsoft Security Solutions Group, points out that cyber criminals can use RDP to establish a foothold on corporate networks, potentially using an insecure remote connection as an opportunity to “install ransomware on systems, or take other malicious actions”.

For IT teams wishing to address remote desktop vulnerabilities, Microsoft lists a few key considerations to take into account. These include the lateral movement which accounts are permitted (this will determine if an attacker can access other file systems after an initial breach) and whether your RDS can be reached via the public internet.

Further, Microsoft strongly suggests that any RDS-using business carry out security audits and review firewall policies. As part of this, companies should consider scanning the public internet for exposed addresses from their network on default RDP ports like TCP 3389.

TOPICS
Jacob Parker
Latest in Software & Services
TinEye website
I like this reverse image search service the most
A person in a wheelchair working at a computer.
Here’s a free way to find long lost relatives and friends
A white woman with long brown hair in a ponytail looks down at her computer in a distressed manner. She is holding her forehead with one hand and a credit card with the other
This people search finder covers all the bases, but it's not perfect
That's Them home page
Is That's Them worth it? My honest review
woman listening to computer
AWS vs Azure: choosing the right platform to maximize your company's investment
A person at a desktop computer working on spreadsheet tables.
Trello vs Jira: which project management solution is best for you?
Latest in News
Samsung HW-Q990D soundbar with Halloween theme over the top
Samsung promises to repair soundbars bricked by its disastrous software update for free – but it'll probably involve shipping
Google Gemini AI
Gmail is adding a new Gemini AI tool to help smarten up your work emails
DJI Mavic 3 Pro
More DJI Mavic 4 Pro leaks seemingly reveal launch date, price and key features of the triple camera drone – here's what to expect
Android 16 logo on a phone
Here's how Android 16 will upgrade the screen unlocking process on your Pixel
Man sitting on sofa, drinking coffee, looking at phone in surprise
Thousands of coffee lovers warned to stop using their espresso machines immediately after reports of burns and lacerations
Visual Intelligence identifying a dog
AirPods with cameras for Visual Intelligence could be one of the best personal safety features Apple has ever planned – here's why
More about software services
A person in a wheelchair working at a computer.

Here’s a free way to find long lost relatives and friends
A white woman with long brown hair in a ponytail looks down at her computer in a distressed manner. She is holding her forehead with one hand and a credit card with the other

This people search finder covers all the bases, but it's not perfect
Andrew Koji as Zeek pointing a gun at someone off camera.

Andrew Koji reveals Gangs of London season 3's new mysterious assassin is like 'the human Terminator' in the Sky Original series
See more latest
Most Popular
DJI Mavic 3 Pro
More DJI Mavic 4 Pro leaks seemingly reveal launch date, price and key features of the triple camera drone – here's what to expect
De'Longhi Linea Classic espresso machine on kitchen counter with hot and cold coffee drinks
I'm a qualified barista, and De'Longhi's latest espresso machine could be this year's best budget buy for coffee lovers
Man sitting on sofa, drinking coffee, looking at phone in surprise
Thousands of coffee lovers warned to stop using their espresso machines immediately after reports of burns and lacerations
Samsung HW-Q990D soundbar with Halloween theme over the top
Samsung promises to repair soundbars bricked by its disastrous software update for free – but it'll probably involve shipping
A Minecraft sheep.
Minecraft developer rejects generative AI, 'it's important that it makes us feel happy to create as humans'
Nvidia AMD
Nvidia rumors suggest it's working on two affordable GPUs to spoil AMD's party
Google Gemini AI
Gmail is adding a new Gemini AI tool to help smarten up your work emails
Visual Intelligence identifying a dog
AirPods with cameras for Visual Intelligence could be one of the best personal safety features Apple has ever planned – here's why
Android 16 logo on a phone
Here's how Android 16 will upgrade the screen unlocking process on your Pixel
Apple iPhone 16 Review
New iPhone 17 report lends weight to rumors of major display and camera upgrades, and a pricey Apple foldable