The Remote Desktop Protocol (RDP), used by many organizations for Windows
management, is an incredibly powerful, widely used tool. Developed by
Microsoft, the complex protocol provides users with a graphical interface to
connect to another computer over a network connection. It’s a helpful tool
for businesses, since the user experience is the same as using a Windows
workspace: you can run all applications and interact with the whole system.

So, what’s the catch? RDP has had several reported vulnerabilities in the past
few years, with the most recent one, CVE-2019-0708, reported in May 2019. This
vulnerability, known as BlueKeep, could allow wormable malware, such as
ransomware, to propagate through vulnerable systems. BlueKeep allows attackers
to connect to RDP services. From there, they can issue commands to steal or
modify data, install malware, and conduct other malicious activities.

It’s a notable vulnerability for several reasons, including the unsettling
fact that exploiting it doesn’t require authentication by the user. In other
words, bad actors wanting to exploit this vulnerability have free rein, since
it doesn’t require victims to click anything to activate it. If you’re running
one of the affected Windows operating systems and you haven’t applied the
patch, you could be under attack at any time. In fact, security researchers
have recently discovered BlueKeep being exploited in the wild as part of a
hacking campaign.
In the wake of the discovery and weaponization of this vulnerability, it’s
clear that RDP can be a high-risk area when it comes to security, and one that
organizations aren’t focusing enough attention on. Beyond patching for
specific vulnerabilities, how can organizations continue to use the
all-important RDP protocol while still ensuring the security of their IT
systems?

Limit Internet-facing protocols

Eliminating RDP and replacing it with other tools may be difficult, if not
nearly impossible, for many organizations. The tool is simply too valuable.
But there are smarter, safer ways to use it. Right now, too many organizations
are leaving RDP exposed to the Internet, making it more susceptible to
exploitation by bad actors. When services directly connected to your back
office are facing the public Internet, critical business processes are at
risk.

Organizations should expose as few applications to the public Internet as
possible. Instead, they can concentrate on using well-known standardized
protocols, like HTTPS, which secures the communication between two systems.

Use a Zero Trust approach

The Zero Trust framework also provides guidance on how
organizations can better secure their processes around using RDP. Zero Trust
is a strict approach to cybersecurity in which every individual or device
requesting access to a private network must be identified and authorized.
Zero Trust is often summed up by the axiom “never trust, always verify.” Even
if individuals and devices are already within the corporate network, there’s
still a possibility they’ve been compromised, as RDP vulnerabilities like
BlueKeep make possible.

Segregation of duties

There are a few Zero Trust strategies that organizations can apply to improve
the way they use RDP. The first is segregation of duties. The basic idea is
that it’s dangerous for any one individual or device to have access to all of
an organization’s critical IT resources, since if that individual or device
were compromised, the attacker would gain unfettered access to everything in
the corporate network. Segregation of duties ensures that employees only have
access to the IT resources they absolutely need in order to do their jobs.

Least privileged access

Segregation of duties is often achieved by giving each
user least privileged access. According to the Zero Trust model, you should
limit access to applications and services to the narrowest possible group,
based on users’ roles within the organization. Additionally, users are
validated and authenticated for each individual access request.

Essentially, it’s a way of ensuring that users only interact with the
applications and services that are relevant to them, limiting exposure and
security risk. With a Zero Trust approach, organizations wouldn’t have to hand
out access to everything when using RDP.

Access management solutions that enable web access provide security benefits
by using HTML5 standards to implement remote access. They can control which
applications and services are open to users, based on their roles. In this
way, you can apply controls to RDP.

By using an access management solution as a gateway, you can apply Zero Trust
principles to part of the process. Once users are authenticated, the RDP
protocol can be used internally. Only validated users can continue accessing
internal services with service-specific protocols like RDP, making it more
secure all around.

The RDP protocol is commonly used and difficult to replace, but it’s also a
high-risk area. By minimizing what’s exposed to the Internet and applying Zero
Trust principles to RDP, organizations can be smarter about how they use it
and make sure they’re not risking the security of their IT systems in the
process.
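As an added example (not code from the article or from any access management product it mentions), the following Python model shows what the gateway described in the least-privilege and access-management passages above actually decides: a user who has authenticated at the HTTPS front door asks the gateway to broker an RDP session to an internal host, and the gateway re-checks identity, device posture, protocol and role scope on every request instead of trusting an earlier decision. All users, roles, hosts and device ids are constructed; the posture check is a stand-in for whatever inventory a real gateway consults.

```python
"""Zero Trust access decision at a web access gateway that brokers RDP.

Added example, not code from the original article or from any product it
describes. All users, roles, hosts and device ids below are constructed.
The gateway is the only Internet-facing component (HTTPS/HTML5); RDP is
spoken only from the gateway to hosts on the internal network, and every
request is re-evaluated rather than trusted because an earlier one passed.
"""
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple

# Least privilege: each role maps to the narrowest set of internal hosts its
# holders need. No role implies "everything".
ROLE_TARGETS: Dict[str, Set[str]] = {
    "helpdesk": {"ws-finance-01", "ws-hr-02"},
    "dba": {"db-prod-01"},
    "domain-admin": {"dc-01"},
}

# Segregation of duties: a user holds the roles for their job, not all roles.
USER_ROLES: Dict[str, Set[str]] = {
    "alice": {"helpdesk"},
    "bob": {"dba"},
    "carol": {"dba", "domain-admin"},
}

# Devices whose posture the gateway has verified (constructed inventory).
COMPLIANT_DEVICES: Set[str] = {"lap-0101", "lap-0202"}


@dataclass(frozen=True)
class AccessRequest:
    user: str
    device_id: str
    mfa_verified: bool        # did this session complete MFA at the gateway?
    target_host: str
    protocol: str = "rdp"     # what the gateway would broker on the inside


AUDIT_LOG: List[str] = []


def evaluate(req: AccessRequest) -> Tuple[bool, str]:
    """Return (allowed, reason). Evaluated on every request, never cached."""
    decision = _decide(req)
    AUDIT_LOG.append(
        f"{req.user} {req.device_id} -> {req.target_host}/{req.protocol}: {decision[1]}"
    )
    return decision


def _decide(req: AccessRequest) -> Tuple[bool, str]:
    # 1. Identity: the gateway must have authenticated this session itself.
    if not req.mfa_verified:
        return False, "deny: session not authenticated at gateway"
    roles = USER_ROLES.get(req.user)
    if not roles:
        return False, "deny: unknown user"
    # 2. Device: being "inside the network" is not enough; posture is checked.
    if req.device_id not in COMPLIANT_DEVICES:
        return False, "deny: device failed posture check"
    # 3. Protocol: only service protocols the gateway is built to broker.
    if req.protocol != "rdp":
        return False, f"deny: protocol {req.protocol} not brokered"
    # 4. Least privilege: the target must fall within the user's role scope.
    allowed_hosts = set().union(*(ROLE_TARGETS.get(r, set()) for r in roles))
    if req.target_host not in allowed_hosts:
        return False, f"deny: roles {sorted(roles)} do not cover {req.target_host}"
    return True, "allow"


def hosts_for_user(user: str) -> Set[str]:
    """Everything a user could ever reach through the gateway (for access review)."""
    roles = USER_ROLES.get(user, set())
    return set().union(*(ROLE_TARGETS.get(r, set()) for r in roles))


if __name__ == "__main__":
    for r in [
        AccessRequest("alice", "lap-0101", True, "ws-finance-01"),
        AccessRequest("alice", "lap-0101", True, "db-prod-01"),
        AccessRequest("bob", "lap-9999", True, "db-prod-01"),
        AccessRequest("carol", "lap-0202", False, "dc-01"),
    ]:
        print(evaluate(r))
    print("\n".join(AUDIT_LOG))
```

The point of `hosts_for_user` is the review step a Zero Trust rollout needs: because access is computed from roles rather than handed out per host, you can list exactly what each account could reach through the gateway and spot a role that has quietly accumulated more hosts than its job requires. Nothing in the model ever lets a client talk to TCP 3389 directly; the allow decision is what the gateway would use to open its own internal RDP connection.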