Information Technology Services (ITS)

Remote Desktop Protocol blocked due to vulnerability

Published on: May 16, 2019

On May 14, Microsoft announced a vulnerability in its Remote Desktop Protocol (RDP) component in many of its Windows operating systems. RDP is used extensively for remote access to University servers and desktop devices.

This vulnerability carries an extremely high risk of being exploited. The impact of such an incident would potentially affect thousands of University devices. The University took action to restrict RDP service from the internet on May 16 (as of approx. 1:30 p.m.)

Please consider the following advice if you use Remote Desktop and in general.

  1. Update your devices.

    If your workplace device is managed by IT staff, they will ensure that patching/updating is completed. If you manage your own device, you must ensure it is updated.

    For Windows devices:

    In the bottom left hand corner of your computer click on the Windows icon. Then enter  ‘Windows Update’ in the search bar and run. If your device is up-to-date, you will be informed. If not, please follow the instructions, re-booting if necessary.

  2. If you use RDP to connect to University services remotely there are two use cases to address:

    • If your device is managed by IT staff and you are connecting to an RDP ‘gateway’ service, then your remote access should continue to work.
    • If you are using your own personal device for work and you RDP into it directly, your service may be blocked soon. To work around this block, please refer to: https://isea.utoronto.ca/advisory-remote-desktop-protocol-vulnerability/ or seek assistance from your local IT support staff.

Thank you for your cooperation and support in helping to keep the University’s information and systems safe. We will update you as more information becomes available.

———————-

Additional FAQs

  1. If my computer is a work device and managed by an IT department at the University, do I have to update my device?

    No you do not have to update your system. IT staff will ensure the update is completed. There is no action required on your part at the present time.

  2. I use my personal computer at home and when travelling. Do I need to follow any steps or do anything to update my device?

    Yes, please see steps 1 and 2 in the article above.

  3. Who can I contact for help or to answer other questions?

    Please call your local IT support staff.