Microsoft Fixes RDP Bug, But Should You Even Be Using RDP?


Microsoft has addressed a known issue causing Remote Desktop Protocol (RDP) disconnections after 65 seconds when connecting from Windows 11 24H2 to Windows Server 2016 or earlier. While the patch resolves the bug, security experts argue that RDP should be disabled entirely due to its high exploitation risk by malware actors.

Read more about the fix here: BleepingComputer

You Should Know:

#### **1. Disabling RDP on Windows**

To mitigate risks, disable RDP unless absolutely necessary:

```powershell
# Check if RDP is enabled (fDenyTSConnections: 1 = connections denied, 0 = allowed)
Get-ItemProperty -Path "HKLM:\System\CurrentControlSet\Control\Terminal Server" -Name "fDenyTSConnections"

# Disable RDP
Set-ItemProperty -Path "HKLM:\System\CurrentControlSet\Control\Terminal Server" -Name "fDenyTSConnections" -Value 1

# Block inbound RDP at the host firewall (TCP 3389; RDP also uses UDP 3389, which needs a matching rule with protocol=UDP)
netsh advfirewall firewall add rule name="Block RDP" dir=in action=block protocol=TCP localport=3389
```

#### **2. Secure Alternatives to RDP**

• SSH (Linux/Windows):

```bash
# Linux SSH server setup
sudo apt install openssh-server
sudo systemctl enable ssh
sudo systemctl start ssh
```

```powershell
# Windows SSH server (run in an elevated PowerShell)
Add-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0
Set-Service -Name sshd -StartupType Automatic   # start at boot, like 'systemctl enable' above
Start-Service sshd
```

• VPN + Restricted RDP: Only allow RDP over a VPN.

#### **3. Detecting RDP Exploits**

Check for suspicious RDP login attempts:

```powershell
# Windows Event Log: failed logons (Event ID 4625). Logon Type 10 marks an RDP
# (RemoteInteractive) session; with NLA enabled a failed RDP authentication is
# recorded as Logon Type 3 instead, so consider both when hunting RDP brute force.
Get-WinEvent -FilterHashtable @{LogName='Security'; ID=4625} | Format-List
```

```bash
# Linux (Fail2Ban for SSH/RDP): bans sources that repeatedly fail authentication
sudo apt install fail2ban
sudo systemctl enable fail2ban
sudo systemctl start fail2ban
```
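The 4625 query above lists every failed logon on the host; turning that into a brute-force signal means grouping failures by source address inside a time window. The following PowerShell is an added example, not code from the original post: it parses 4625 event XML into flat objects and reports sources that exceed a failure threshold. The sample events are constructed (203.0.113.0/24 and 192.0.2.0/24 are documentation address ranges), the default threshold and window are assumed values, and the function names are the example's own.

```powershell
# Added example (not from the original post): group Security 4625 events by source
# address and flag brute-force patterns. Runs offline on constructed sample events;
# the commented lines at the end show the same logic over a live Security log.

function ConvertFrom-LogonFailureXml {
    # Turn the XML of one 4625 event into a flat object with the fields we need
    param([Parameter(Mandatory)][string]$EventXml)
    $x = [xml]$EventXml
    $data = @{}
    foreach ($d in $x.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
    [pscustomobject]@{
        TimeCreated = [datetime]$x.Event.System.TimeCreated.SystemTime
        User        = $data['TargetUserName']
        IpAddress   = $data['IpAddress']
        LogonType   = [int]$data['LogonType']
        SubStatus   = $data['SubStatus']   # 0xC000006A = bad password, 0xC0000064 = unknown user
    }
}

function Find-RdpBruteForce {
    # Report every source IP with at least $Threshold failures inside $WindowMinutes (assumed defaults)
    param(
        [Parameter(Mandatory)][object[]]$Events,
        [int]$Threshold = 5,
        [int]$WindowMinutes = 10
    )
    # Logon Type 10 is RemoteInteractive (RDP); with NLA a failed RDP auth is logged as Type 3.
    # Console failures carry IpAddress '-' and are not remote brute force.
    $remote = $Events | Where-Object { $_.LogonType -in @(10, 3) -and $_.IpAddress -and $_.IpAddress -ne '-' }
    $remote | Group-Object IpAddress | ForEach-Object {
        $sorted = @($_.Group | Sort-Object TimeCreated)
        $span = ($sorted[-1].TimeCreated - $sorted[0].TimeCreated).TotalMinutes
        if ($_.Count -ge $Threshold -and $span -le $WindowMinutes) {
            [pscustomobject]@{
                IpAddress   = $_.Name
                Failures    = $_.Count
                Users       = (($sorted.User | Sort-Object -Unique) -join ',')
                SpanMinutes = [math]::Round($span, 1)
            }
        }
    }
}

function New-SampleLogonFailureXml {
    # Constructed 4625 event XML in the Security log schema, for the offline demo only
    param([string]$Time, [string]$User, [string]$Ip, [int]$LogonType)
@"
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><EventID>4625</EventID><TimeCreated SystemTime="$Time"/></System>
  <EventData>
    <Data Name="TargetUserName">$User</Data>
    <Data Name="IpAddress">$Ip</Data>
    <Data Name="LogonType">$LogonType</Data>
    <Data Name="SubStatus">0xC000006A</Data>
  </EventData>
</Event>
"@
}

# Constructed sample: one source spraying six accounts in three minutes (NLA-style Type 3
# failures), one stray remote failure, and two console failures that must not be reported.
$sampleXml = @(
    New-SampleLogonFailureXml '2025-03-10T09:00:05Z' 'administrator' '203.0.113.5' 3
    New-SampleLogonFailureXml '2025-03-10T09:00:41Z' 'admin'         '203.0.113.5' 3
    New-SampleLogonFailureXml '2025-03-10T09:01:12Z' 'backup'        '203.0.113.5' 3
    New-SampleLogonFailureXml '2025-03-10T09:01:50Z' 'svc_sql'       '203.0.113.5' 3
    New-SampleLogonFailureXml '2025-03-10T09:02:20Z' 'helpdesk'      '203.0.113.5' 3
    New-SampleLogonFailureXml '2025-03-10T09:02:58Z' 'administrator' '203.0.113.5' 3
    New-SampleLogonFailureXml '2025-03-10T09:05:00Z' 'jsmith'        '192.0.2.10'  10
    New-SampleLogonFailureXml '2025-03-10T09:06:00Z' 'jsmith'        '-'           2
    New-SampleLogonFailureXml '2025-03-10T09:06:30Z' 'jsmith'        '-'           2
)
$events = $sampleXml | ForEach-Object { ConvertFrom-LogonFailureXml $_ }
Find-RdpBruteForce -Events $events | Format-Table -AutoSize

# On a real host (elevated), the same logic over the live Security log:
# $live = Get-WinEvent -FilterHashtable @{LogName='Security'; ID=4625} |
#     ForEach-Object { ConvertFrom-LogonFailureXml $_.ToXml() }
# Find-RdpBruteForce -Events $live -Threshold 10 -WindowMinutes 5
```

The constructed set contains exactly one source that should trip the default threshold; the single failure from the second address and the two console failures are there to show that the filter ignores them. Tune `-Threshold` and `-WindowMinutes` to the host's normal failure rate, and remember that with NLA the username is often blank in the first failure of a session, so the `Users` column is a hint rather than a full list.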
    

#### **4. Disabling Quick Assist (Exploited Tool)**

```powershell
# Unregister Quick Assist (Windows 10/11) for the current user; add -AllUsers to both
# cmdlets to remove it from every profile on the machine
Get-AppxPackage *QuickAssist* | Remove-AppxPackage
```
    

### **What Undercode Say:**

RDP remains a prime target for brute-force attacks, credential theft, and ransomware. If you must use it:
– Restrict access via firewalls (allow only specific IPs).
– Enable Network Level Authentication (NLA).
– Monitor logs for anomalies.
– Consider Zero Trust models with MFA.

For admins:

```bash
# Linux alternative: X2Go (remote desktop tunnelled over SSH)
sudo apt install x2goserver x2goclient
```

```powershell
# Enable NLA on Windows (clients must authenticate before a session is created)
Set-ItemProperty -Path "HKLM:\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" -Name "UserAuthentication" -Value 1
```
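Section 1 above disables RDP outright, and the list in this section asks for NLA plus a firewall restriction to specific IPs, but neither gives a way to verify the end state. The following PowerShell is an added example, not the post's own code: one function reports the three settings (RDP disabled, NLA required, which enabled inbound rules expose TCP/3389 and to whom), and a second applies them with `-WhatIf` support. It assumes an elevated session on Windows 8 / Server 2012 or later (the NetSecurity cmdlets); the 10.0.0.0/24 source range and the "RDP (scoped)" rule name are placeholders.

```powershell
# Added example (not from the original post): audit and apply the RDP hardening items
# the post lists: RDP disabled, NLA enabled, TCP/3389 reachable only from named sources.
# Assumes an elevated PowerShell on Windows 8 / Server 2012 or later (NetSecurity module).

$TsKey  = 'HKLM:\System\CurrentControlSet\Control\Terminal Server'
$NlaKey = "$TsKey\WinStations\RDP-Tcp"

function Get-RdpHardeningStatus {
    $deny = (Get-ItemProperty -Path $TsKey  -Name fDenyTSConnections -ErrorAction SilentlyContinue).fDenyTSConnections
    $nla  = (Get-ItemProperty -Path $NlaKey -Name UserAuthentication -ErrorAction SilentlyContinue).UserAuthentication

    # Enabled inbound allow rules that cover TCP/3389, with the remote scope each is limited to
    # (port ranges such as "3380-3390" are not expanded here)
    $allowRules = Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow | ForEach-Object {
        $port  = $_ | Get-NetFirewallPortFilter
        $ports = @($port.LocalPort)
        if ($port.Protocol -in @('TCP', 'Any') -and ($ports -contains '3389' -or $ports -contains 'Any')) {
            [pscustomobject]@{
                Rule          = $_.DisplayName
                RemoteAddress = (($_ | Get-NetFirewallAddressFilter).RemoteAddress -join ',')
            }
        }
    }

    [pscustomobject]@{
        RdpDisabled      = ($deny -eq 1)
        NlaEnabled       = ($nla -eq 1)
        OpenToAnyAddress = [bool]($allowRules | Where-Object RemoteAddress -eq 'Any')
        AllowRules       = @($allowRules)
    }
}

function Set-RdpHardening {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        # Placeholder: the management subnet(s) that may reach RDP (assumed value, change it)
        [string[]]$AllowedSources = @('10.0.0.0/24'),
        [switch]$DisableRdpEntirely
    )
    if ($PSCmdlet.ShouldProcess($NlaKey, 'UserAuthentication=1 (require NLA)')) {
        Set-ItemProperty -Path $NlaKey -Name UserAuthentication -Value 1
    }
    if ($DisableRdpEntirely -and $PSCmdlet.ShouldProcess($TsKey, 'fDenyTSConnections=1 (disable RDP)')) {
        Set-ItemProperty -Path $TsKey -Name fDenyTSConnections -Value 1
    }
    # The built-in "Remote Desktop" rule group allows any remote address; turn it off and
    # replace it with a single allow rule scoped to $AllowedSources.
    if ($PSCmdlet.ShouldProcess('Remote Desktop rule group', 'Disable built-in allow rules')) {
        Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -ErrorAction SilentlyContinue | Disable-NetFirewallRule
    }
    if ($PSCmdlet.ShouldProcess("TCP/3389 from $($AllowedSources -join ', ')", 'Create scoped allow rule')) {
        Remove-NetFirewallRule -DisplayName 'RDP (scoped)' -ErrorAction SilentlyContinue
        New-NetFirewallRule -DisplayName 'RDP (scoped)' -Direction Inbound -Protocol TCP -LocalPort 3389 `
            -RemoteAddress $AllowedSources -Action Allow | Out-Null
    }
}

# Usage (elevated):
# Get-RdpHardeningStatus | Format-List
# Set-RdpHardening -AllowedSources '10.0.0.0/24' -WhatIf   # preview every change
# Set-RdpHardening -AllowedSources '10.0.0.0/24'           # apply
# Get-RdpHardeningStatus | Format-List                     # re-check: OpenToAnyAddress should now be False
```

Two points worth knowing before running it: Windows Firewall evaluates block rules ahead of allow rules, so if the "Block RDP" rule from section 1 is in place the scoped allow rule never matches (correct if the goal is no RDP at all, surprising otherwise); and the status function only inspects the host firewall, so a perimeter device or VPN concentrator that also gates 3389 must be checked separately.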
    

Expected Output: A locked-down RDP environment or its complete replacement with SSH/VPN.

References:

Reported By: Phuong Nguyen – Hackers Feeds