SECURITY BULLETIN: Vulnerabilities with Remote Desktop – are your 8872s protected?
In the last month, we have seen two compromised 8872s and one attempted compromise, all identified as using Remote Desktop as the attack vector.
Many agencies use the default port 3389, and where the 8872 is connected through a wireless modem with a public IP address, this has recently appeared to be a point of vulnerability for many systems. An RDP hacking tool exists that can intercept RDP passwords if malicious code can be loaded on an intermediate system (e.g., in the systems of the office's ISP or the wireless carrier), and the recent SolarWinds compromise makes it possible that such interception is occurring, or has occurred, to collect passwords before systems were patched.
We have created a security bulletin of two simple steps that can be taken to secure 8872 systems using default ports and public wireless networks, and we recommend that they be implemented as soon as possible. It is also good practice not to use the 8872 to browse websites that are not well known and trusted.
Note that this issue is not related at all to TeamViewer, nor have we observed any of the compromises related to TeamViewer. They have been specifically identified as RDP intrusions only. That being said, it is also good practice to update TeamViewer to the most recent version (TeamViewer->Help->Check For New Version).