Why?

Microsoft has identified a high risk vulnerability affecting all computers running Windows 7, and is developing a patch. WPI Information Technology (IT) will take action while awaiting the patch.

Impact

An unauthenticated attacker could connect to a Windows 7 system using Remote Desktop Protocol (RDP). This vulnerability is pre-authentication and requires no user interaction. An attacker who successfully exploited this vulnerability could execute arbitrary code on the targeted system. An attacker could then install malicious programs; view, change, or delete data; or create new accounts with full user rights.

Action Needed

Action will be taken by WPI IT, and action is required by users. Please see details for more information regarding: Virtual Private Network (VPN) requirement Patch installation Please see buttons below for VPN information and Microsoft's announcement.

Details

Microsoft is developing a patch. While we await its release, beginning at 5 PM today IT will temporarily block remote access from outside unless you are using VPN, except the terminal server at windows.wpi.edu.

When the patch is available IT will install it on all IT-managed Windows 7 systems connected to the ADMIN domain, and remove the block. Owners of Windows 7 systems that are not on the ADMIN domain must apply this patch manually.