Microsoft’s monthly Patch Tuesday updates rolled out earlier this week, and you should update Windows pronto. The updates include patches for four severe “wormable” security exploits that can let attackers spread malware without any user action, similar to WannaCry and the BlueKeep vulnerability that coerced Microsoft into releasing a rare post-death patch for Windows XP.
“This vulnerability is pre-authentication and requires no user interaction,” reads Microsoft’s description of the four vulnerabilities (CVE-2019-1181, CVE-2019-1182, CVE-2019-1222, and CVE-2019-122). “An attacker who successfully exploited this vulnerability could execute arbitrary code on the target system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.”
That sounds terrifying, but don’t panic: The Remote Desktop Services protocol is disabled by default, so most home users shouldn’t be vulnerable. Unlike Bluekeep, however, this latest RDS exploit affects Windows 10.
Simply applying the new updates closes the security hole. Your PC might have already done so automatically, but you should double-check. To do that, click on the Start button, then head to Options > Update & Security > Windows Update and click the Check for Updates button.
While you’re busy fiddling with settings, also consider confirming that Remote Desktop is off. Microsoft has had to issue updates to harden the feature against exploits several times in 2019, so there's no reason to expose your PC to the potential risk if you don’t actively use it. Search for “remote access” and select the “Allow remote access to your computer” option that appears. In the system properties pop-up that follows, ensure that “Allow remote assistance connections to this computer” is unchecked, then click OK.
Finally, while Windows 10 indeed provides stronger protection than past versions of Windows, the default security often isn’t enough in today’s hyper-connected world. Check out PCWorld’s guide to the best Windows antivirus software to see our picks for the most effective solutions. A solid AV program can’t block gaping security holes like this one, but it can detect and block the more commonplace malware you might encounter during day-to-day life.