Microsoft warns users again to patch for wormable BlueKeep Exploit

mbk1969:

How do you do that?
fantaskarsef:

iirc, I did it via an extra tool (windows privacy dashboard here from the forums). I'll check again to be sure.
I haven't used Windows in a long while so I don't remember off the top of my head, but I thought you could disable it via a checkbox in the System preferences (from control panel), or, through msconfig. Either way, I know you don't need a 3rd party tool for it.
TheDeeGee:

Phew good thing I run Win 98 SE then 😛
Soooo next-gen. 😀 DOS 7.0 with MS Word 1.0 FTW!!!
Article from MS with a table listing the KB numbers, mitigations and workarounds: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708
@mbk1969 : I have to look into this issue, but disabling RDP completely is possible. Blocking port 3389 in and outbound should do it as a first countermeasure.
schmidtbag:

I haven't used Windows in a long while so I don't remember off the top of my head, but I thought you could disable it via a checkbox in the System preferences (from control panel), or, through msconfig. Either way, I know you don't need a 3rd party tool for it.
That's about remote assistance I suspect.
fantaskarsef:

iirc, I did it via an extra tool (windows privacy dashboard here from the forums). I'll check again to be sure.
386SX:

Soooo next-gen. 😀 DOS 7.0 with MS Word 1.0 FTW!!! Article from MS with a table listing the KB numbers, mitigations and workarounds: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708 @mbk1969 : I have to look into this issue, but disabling RDP completely is possible. Blocking port 3389 in and outbound should do it as a first countermeasure.
I remember I was not in the mood to disable RDP services, and switching them to manual start mode had no effect (at least on some of them) and they continued to start.
mbk1969:

That's about remote assistance I suspect. I remember I was not in the mood to disable RDP services, and switching them to manual start mode had no effect (at least on some of them) and they continued to start.
Remote assistance is one of them, but I thought there was a separate checkbox for just remote desktop in general. Like I said, it's been a while, so I'm going on memory right now. From my own observation, setting a service to "manual" (assuming you're using Administrative Tools -> Services) doesn't necessarily prevent it from being automatically started-up, if another program is requesting it. I'm pretty sure you can still set it to disabled, which prevents this from happening, and then manually run the service yourself if you happen to know what the executable is. It's not the most user-friendly approach, but, how often do you find yourself wanting to get rid of RDP while occasionally finding yourself needing it? Most people who do remote desktop either don't care that the service is on (and like 386SX said, just block the port on your router for security purposes) or just outright disable it and never look back.
schmidtbag:

Remote assistance is one of them, but I thought there was a separate checkbox for just remote desktop in general. Like I said, it's been a while, so I'm going on memory right now. From my own observation, setting a service to "manual" (assuming you're using Administrative Tools -> Services) doesn't necessarily prevent it from being automatically started-up, if another program is requesting it. I'm pretty sure you can still set it to disabled, which prevents this from happening, and then manually run the service yourself if you happen to know what the executable is. It's not the most user-friendly approach, but, how often do you find yourself wanting to get rid of RDP while occasionally finding yourself needing it? Most people who do remote desktop either don't care that the service is on (and like 386SX said, just block the port on your router for security purposes) or just outright disable it and never look back.
I was just curious what component started those RDP services, but I was too lazy to research. So I just left them on manual. I just thought by reading posts here that people know this stuff. PS And since my home rig is on Home Windows edition I suspect MS should get rid of RDP completely, but no, it is used by some component.
It's literally amazing to me that people run Windows and somehow fail to keep it up-to-date....! Just bizarre. Microsoft invests a lot of money in keeping Windows secure--and updates are free--and mostly automatic these days. But some people go to great lengths to avoid them because of all kinds of superstitious rumors they pick up in various places--like--"Don't take that update--it's got a virus that grabs your bank-account numbers!"--probably started by the person who wrote the real virus that the update kills, most likely...;)
waltc3:

Microsoft invests a lot of money in keeping Windows secure--
Yeah well clearly not enough.
But some people go to great lengths to avoid them because of all kinds of superstitious rumors they pick up in various places--like--"Don't take that update--it's got a virus that grabs your bank-account numbers!"--probably started by the person who wrote the real virus that the update kills, most likely...;)
I don't know of anyone who claims such things, but, there are people who rightfully are worried about running updates because they don't want their system malfunctioning. Considering how often Windows Update seems to break things, that concern is growing more and more justified.
schmidtbag:

Yeah well clearly not enough. I don't know of anyone who claims such things, but, there are people who rightfully are worried about running updates because they don't want their system malfunctioning. Considering how often Windows Update seems to break things, that concern is growing more and more justified.
Have you statistics over the years of Windows Update existence? Maybe the rate of failed updates doesn't increase.
mbk1969:

Have you statistics over the years of Windows Update existence? Maybe the rate of failed updates doesn't not increase.
I'm not talking about failed updates (as in, updates that didn't install properly); that's more coincidence, hardware error, or user error, rather than MS's problem. In fact, recovering from failed updates is pretty much the only thing MS does a good job about updates, so long as you can still boot to the desktop. But, if you meant to say regressive updates (as in, updates that break things because they weren't tested enough), I'm not sure what the statistics are, but it seems apparent that the regressions are more severe than they used to be, and updates seem to be rolled back or recalled more frequently. The fact it seems to happen on a monthly basis is unacceptable, especially for a paid OS. I've seen better bug tracking in hobbyist OSes like Haiku.
schmidtbag:

But, if you meant to say regressive updates (as in, updates that break things because they weren't tested enough), I'm not sure what the statistics are, but it seems apparent that the regressions are more severe than they used to be, and updates seem to be rolled back or recalled more frequently. The fact it seems to happen on a monthly basis is unacceptable, especially for a paid OS.
"Seems" is the correct word then.
waltc3:

It's literally amazing to me that people run Windows and somehow fail to keep it up-to-date....! Just bizarre. Microsoft invests a lot of money in keeping Windows secure--and updates are free--and mostly automatic these days. But some people go to great lengths to avoid them because of all kinds of superstitious rumors they pick up in various places--like--"Don't take that update--it's got a virus that grabs your bank-account numbers!"--probably started by the person who wrote the real virus that the update kills, most likely...;)
Hi there. There are a lot of reasons to NOT keep Win10 up2date or at least postpone updates a few days or weeks. See, while some guys set their WU to auto, I tend to search for updates 2-5 days after the MS patchday. Why? Because MS issued some updates in the past which were ... a little ... destructive ... to say the least. So on patchday I search for issues with those updates and if there are some, I delay the update until I know of a fix. If they are considered OK I install them right away. I set my connection to metered, so I may choose when to download the stuff. In addition I use "WSUS Offline Update" to have a current storage of all updates within my LAN. And NO, AFAIK MS didn't ever release an update with viruses included.
Btw: Seems there is the reg location involved:
Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server
(and its sub dirs, if anyone wants to fiddle around)
These are firewall rules to block port 3389 in- and outbound.
netsh advfirewall firewall add rule name="Disable RDP TCP 3389 IN" dir=in action=block protocol=tcp localport=3389
netsh advfirewall firewall add rule name="Disable RDP UDP 3389 IN" dir=in action=block protocol=udp localport=3389

netsh advfirewall firewall add rule name="Disable RDP TCP 3389 OUT" dir=out action=block protocol=tcp remoteport=3389
netsh advfirewall firewall add rule name="Disable RDP UDP 3389 OUT" dir=out action=block protocol=udp remoteport=3389
Execute each line in an >>elevated<< command prompt. It will create 4 rules in your firewall: one block for incoming connections at port TCP 3389 and one at UDP 3389 (used by RDP since v8!) and the same outgoing. Tested on Win10 1903 Pro. It should only say "OK" if applied correctly.
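A read-only check of the settings discussed in this thread (the Remote Desktop and Remote Assistance switches, the service start types, and the port 3389 block rules), added here as an example and not part of any post above. It assumes an elevated PowerShell 5.1 prompt on Windows 10; the registry value names (fDenyTSConnections, fAllowToGetHelp, PortNumber) and service names (TermService, UmRdpService, SessionEnv) are the standard Windows ones and are not mentioned in the thread.

```powershell
# Added example: read-only audit of the RDP settings discussed in this thread.
# Nothing is changed; run from an elevated PowerShell prompt.

$ts = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$ra = 'HKLM:\SYSTEM\CurrentControlSet\Control\Remote Assistance'

# fDenyTSConnections: 1 = Remote Desktop connections refused, 0 = allowed.
$denyRdp = (Get-ItemProperty -Path $ts -Name fDenyTSConnections).fDenyTSConnections

# fAllowToGetHelp: 1 = Remote Assistance allowed (a separate switch from RDP).
$allowRa = (Get-ItemProperty -Path $ra -Name fAllowToGetHelp `
            -ErrorAction SilentlyContinue).fAllowToGetHelp

# The listener port is stored in a subkey; 3389 unless someone changed it.
$port = (Get-ItemProperty -Path "$ts\WinStations\RDP-Tcp" -Name PortNumber).PortNumber

# Start type and current state of the Remote Desktop services.
# "Manual" services can still be started on demand; "Disabled" ones cannot.
$services = Get-Service -Name TermService, UmRdpService, SessionEnv `
                -ErrorAction SilentlyContinue |
            Select-Object Name, Status, StartType

# Is anything actually listening on the RDP port right now?
$listening = [bool](Get-NetTCPConnection -LocalPort $port -State Listen `
                    -ErrorAction SilentlyContinue)

# Enabled local block rules that reference the RDP port, inbound or outbound
# (the netsh rules above match here: localport for IN, remoteport for OUT).
$blockRules = Get-NetFirewallPortFilter |
    Where-Object { $_.LocalPort -contains "$port" -or $_.RemotePort -contains "$port" } |
    Get-NetFirewallRule |
    Where-Object { $_.Enabled -eq 'True' -and $_.Action -eq 'Block' } |
    Select-Object DisplayName, Direction

[pscustomobject]@{
    RdpPort               = $port
    RdpConnectionsDenied  = ($denyRdp -eq 1)
    RemoteAssistanceOn    = ($allowRa -eq 1)
    PortCurrentlyListening = $listening
    BlockRuleCount        = @($blockRules).Count
} | Format-List

$services   | Format-Table -AutoSize
$blockRules | Format-Table -AutoSize
```

If PortCurrentlyListening is False and RdpConnectionsDenied is True, the firewall rules are a second layer on top of an already closed listener.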
schmidtbag:

I haven't used Windows in a long while so I don't remember off the top of my head, but I thought you could disable it via a checkbox in the System preferences (from control panel), or, through msconfig. Either way, I know you don't need a 3rd party tool for it.
This I did, use the checker, and it shows all the services stopped except the management service. Not sure if this is "enough"
The remote desktop feature is supposed to be disabled by default anyway, you don't have to fiddle with it at all unless you've used it previously
Here's my own (accordingly) checklist after 1903 up-to-date:
Turning On System Restore in Windows 10
O&O ShutUp 10 - Using a 3rd-party tool to automate the process of disabling Windows Telemetry and other phone-home services of Windows 10.
Disabling "Allow Remote Access"
Disabling Cortana
Getting rid of Suggested apps [Settings > Personalization > Start and turn off Occasionally show suggestions] in Start.
Managing Apps [From the Settings screen, Settings > Apps > Apps & Features, click an app, and click “Advanced Options.”]
....there might be others that are less important or I'd missed. ;)
I disable remote access too, not sure if that actually stops such attacks though. I remember such an attack back when I had XP, that within minutes of connecting to the internet bad stuff started to happen, unless certain patches were already there.
Yxskaft:

The remote desktop feature is supposed to be disabled by default anyway, you don't have to fiddle with it at all unless you've used it previously
Allow remote access is on by default, always has been, 'cause I've been disabling it manually on clean installs for a decade.
So Microsoft is scanning machines connected directly to an internet source, because a NAT-enabled router won't show these as open.