More critical Remote Desktop flaws expose Windows systems to hacking
Microsoft has identified and patched several vulnerabilities in the Windows Remote Desktop Services (RDS) component — formerly known as Terminal Services — which is widely used in corporate environments to remotely manage Windows machines. Some of the vulnerabilities can be exploited without authentication to achieve remote code execution and full system compromise, making them highly dangerous for enterprise networks if left unfixed.
All the flaws have been discovered internally by Microsoft during hardening of the RDS component, so no public exploits are available at this time. However, Microsoft researcher Justin Campbell said on Twitter that his team “successfully built a full exploit chain using some of these, so it’s likely someone else will as well.”