"Remote Desktop Bugs: Patches That Took Priority in a Pandemic Year"

Microsoft released patches for a record number of common vulnerabilities and exposures in 2020, many of which impacted the Microsoft Remote Desktop Protocol (RDP). The Remote Desktop service proved essential during the COVID-19 pandemic as many organizations have transitioned to remote work structures. According to Satnam Narang, a research engineer at Tenable, Microsoft has patched a total of 1,245 bugs this year, significantly exceeding the 840 bugs fixed in 2019 and the combined total of bugs patched in 2017 and 2018. The increased use of the Remote Desktop Client, Remote Desktop Services, and Remote Desktop Gateway during the pandemic has made them more appealing targets for hackers. Brute force is the most common type of attack executed against RDP in which criminals try different username and password combinations for an RDP connection until one is accepted. There was a surge in the use of this attack method in early March, resulting in the total number of attacks reaching 3.3. billion within the first 11 months of 2020. This article continues to discuss Microsoft's prioritization of Remote Desktop flaws this year, the increased targeting of protocols by attackers, the launch of brute force attacks against RDP, and the growth in security research surrounding RDP. 

Dark Reading reports "Remote Desktop Bugs: Patches That Took Priority in a Pandemic Year"