Organisations should urgently apply a Windows update released by Microsoft last week, which fixes a severe vulnerability that hackers are actively attempting to exploit.

The flaw (CVE-2019-0708) exists in Windows’ Remote Desktop Protocol (RDP), and can allow criminals to perform a variety of attacks such as installing malware and stealing data.

You may have enabled RDP to allow functions like logging in to the office from home. If the service is active, attackers can send a special packet that grants them remote code execution.

Researchers say there are some three million RDP services exposed to the internet – each of which is at heightened risk of compromise.

The vulnerability is also wormable, a term given to attacks that spread from victim to victim, such as the WannaCry ransomware or NotPetya wiper malware of 2017.

Professional security researchers and hackers of ill intent are actively researching ways to exploit this vulnerability. Attacks have not surfaced as of the time of writing, but it is likely they will over the coming days and weeks. Criminals are showing active interest in this flaw.

Microsoft releasing a patch for its long-since unsupported Windows XP operating system speaks to the severity of this vulnerability.

Our cybersecurity team at Telstra has worked hard to ensure our systems and those of our managed customers are patched.

We urge everyone in the community to prioritise this patch so that their data, and that of their customers, will remain protected.