A vulnerability in Microsoft’s Remote Desktop Service allows hackers to invade Windows computers. The attacker could enter a code remotely, eliminating the need for a password and username. Time to update your Windows!
After entering this code, the system is completely taken over. It National Cyber Security Center (NCSC) says it’s easy to avoid by downloading the latest security update. Microsoft has discovered the vulnerability itself and states that there is no evidence that hackers have exploited it.
With the Remote Desktop Service, users can remotely access, for example, their own computer or the computer at work. This is also possible from devices, such as telephones, that do not run on a Windows operating system. The Remote Desktop is disabled by default. So the leak only applies if you have enabled the service yourself.
New variants
It is actually a new version of a vulnerability in older versions called Bluekeep. Initially, the leak only affected Windows versions 7 and older. Microsoft already made a patch for that in May. This leak was actively exploited, according to various media. It is therefore important to install the patch.
However, now the leak also applies to Windows 8.1 and Windows 10. Microsoft has released a ‘patch’ for it, a small software update that fixes errors. However, it must be installed manually. You do this by going to your update settings and clicking the ‘check for updates’ button. If Windows is up to date, the danger is gone.
Source: Radar
