0

I just got word about the newest known vulnerability of the RDP service. 2 days ago Microsoft made a blog post about it and delivered updates, OS-wise even for Windows XP.

From what I understand, the vulnerability seems to come into effect before there is any attempt to authenticate the connection / user, as authentication does not affect it. The patch Microsoft delivered should eliminate the problem.

Still, though, I'm wondering if it is already enough to "just" deactivate the RDP service to avoid being vulnerable to this kind of vulnerability? (Naturally this does not circumvent having to apply the patch in the end.)

Thomas

1 Answer

0

The security bulletin for CVE-2019-0708 answers this question: yes, disabling Remote Desktop Services mitigates the issue.

In fact, just turning on Network Level Authentication protects you from unauthenticated attacks. (Whether this is a sufficient mitigation depends on your circumstances.)

Harry Johnston
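A read-only check for the two mitigations named in the answer above, added here as an example (it is not part of the original post or of Microsoft's bulletin). It assumes PowerShell 5 or later run locally on the host, and the function and variable names are illustrative.

```powershell
# Added example: reports whether RDP is disabled and whether NLA is required.
# Reads registry and service state only; changes nothing.
$ts     = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdpTcp = "$ts\WinStations\RDP-Tcp"
$policy = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or the value is absent.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name } else { $null }
}

function Get-EffectiveValue {
    param([string]$Name, [string]$LocalPath)
    # A Group Policy value, when present, overrides the local setting.
    $p = Get-RegValue -Path $policy -Name $Name
    if ($null -ne $p) {
        return [pscustomobject]@{ Value = $p; Source = 'GroupPolicy' }
    }
    [pscustomobject]@{
        Value  = Get-RegValue -Path $LocalPath -Name $Name
        Source = 'Local'
    }
}

$deny = Get-EffectiveValue -Name 'fDenyTSConnections' -LocalPath $ts
$nla  = Get-EffectiveValue -Name 'UserAuthentication' -LocalPath $rdpTcp
$svc  = Get-Service -Name TermService -ErrorAction SilentlyContinue

# RDP counts as disabled if connections are denied, or the service is
# missing, or it is set to Disabled and not currently running.
$svcOff      = ($null -eq $svc) -or
               ($svc.StartType -eq 'Disabled' -and $svc.Status -ne 'Running')
$rdpDisabled = ($deny.Value -eq 1) -or $svcOff
$nlaRequired = ($nla.Value -eq 1)

[pscustomobject]@{
    Computer     = $env:COMPUTERNAME
    RdpDisabled  = $rdpDisabled
    DenySource   = $deny.Source
    NlaRequired  = $nlaRequired
    NlaSource    = $nla.Source
    Assessment   = if ($rdpDisabled) { 'RDP disabled: mitigated until patched' }
                   elseif ($nlaRequired) { 'NLA required: unauthenticated attacks blocked' }
                   else { 'RDP reachable without NLA: patch or mitigate now' }
}
```

Neither result replaces installing the update; the check only shows which of the two interim mitigations is in effect on the host.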