Earlier this week, Microsoft released a strongly worded advisory regarding a Critical vulnerability affecting the Remote Desktop Protocol (RDP). I’ve been looking over the advisory, and now that Luigi Auriemma has also released his original Proof of Concept, there’s even more detail to go on.
There are tons of posts, assessments, etc., out there on the ‘Net now, and I’m not going to regurgitate all that data. What I am going to do is explain some mitigation actions for an assumed audience of Control System engineers, and lay out a basic mitigation process that involves vendor participation.
RDP is used in control system environments as a remote administration and maintenance tool, or as a means to access an application that engineers can’t distribute over their entire infrastructure due to licensing costs. It’s especially common in multi-vendor environments, where it lets a single console operate across the systems of multiple vendors. It is also used extensively for remote troubleshooting and maintenance activities, one of the higher-risk functions. I’ve even seen it used as a primary method of operator interaction with the central SCADA server. In summary, it’s used everywhere, rarely managed on the internal network, and is often allowed from the corporate network and even over the Internet (doubt that?).