Security News

In the intervening decades, RDP has become a widely used protocol for remote access and administration of Windows-based systems. The downside of RDP's widespread use is that a Remote Code Execution vulnerability in an RDP gateway can have severe consequences, potentially leading to significant damage and compromising the security and integrity of the affected system.

Hackers swarm to RDP. An experiment using high-interaction honeypots with an RDP connection accessible from the public web shows how relentless attackers are and that they operate within a daily schedule very much like working office hours. The attack count for the entire year reached 13 million login attempts.

Specops Software released a research analyzing the top passwords used in live attacks against Remote Desktop Protocol ports. This analysis coincides with the latest addition of over 34 million compromised passwords to the Specops Breached Password Protection Service, which now includes over 3 billion unique compromised passwords.

Microsoft is now taking steps to prevent Remote Desktop Protocol brute-force attacks as part of the latest builds for the Windows 11 operating system in an attempt to raise the security baseline to meet the evolving threat landscape. "Win11 builds now have a DEFAULT account lockout policy to mitigate RDP and other brute-force password vectors," David Weston, Microsoft's vice president for OS security and enterprise, said in a series of tweets last week.

Microsoft is shutting the door on a couple of routes cybercriminals have used to attack users and networks. The issue of macros has become a particularly gnarly one for the software giant.

"Win11 builds now have a DEFAULT account lockout policy to mitigate RDP and other brute force password vectors," David Weston of Enterprise and OS Security at Microsoft, announced, just as the company confirmed that it will resume the rollout of the default blocking of VBA macros obtained from the internet. Brute-forced RDP access and malicious macros have for a long time been two of the most popular tactics used by threat actors to gain unauthorized access to Windows systems.

Recent Windows 11 builds come with the Account Lockout Policy policy enabled by default which will automatically lock user accounts after 10 failed sign-in attempts for 10 minutes. "Win11 builds now have a DEFAULT account lockout policy to mitigate RDP and other brute force password vectors," David Weston, Microsoft's VP for Enterprise and OS Security, tweeted Thursday.

Redmond published three cumulative updates as part of its scheduled June 2022 monthly "C" updates to allow customers to test upcoming fixes: KB5014668, KB5014665, and KB5014669. As the company revealed on Thursday in updates to known issue entries in the Windows health dashboard [1, 2, 3], the updates also address connectivity issues when using Wi-Fi hotspots after installing Windows updates released as part of the June 2022 Patch Tuesday.

This month's Windows Server updates are causing a wide range of issues, including VPN and RDP connectivity problems on servers with Routing and Remote Access Service enabled. One of the more severe problems is the servers freezing for several minutes after a client connects to the RRAS server with SSTP. Windows Remote Desktop and VPN connectivity issues.

Two of the more prolific cybercriminal groups, which in the past have deployed such high-profile ransomware families as Conti, Ryuk, REvil and Hive, have started adopting the BlackCat ransomware-as-as-service offering. The use of the modern Rust programming language to stabilize and port the code, the variable nature of RaaS, and growing adoption by affiliate groups all increase the chances that organizations will run into BlackCat - and have difficulty detecting it - according to researchers with the Microsoft 365 Defender Threat Intelligence Team.