On August 13, Microsoft released their monthly "Patch Tuesday" updates that address a number of serious vulnerabilities in Windows Remote Desktop Services (RDS). The vulnerabilities are also referred to as DejaBlue by the security researchers, referring to the BlueKeep vulnerability that was announced earlier this year. DejaBlue makes it possible for an attacker to execute code on the Windows system without being logged in. As a result, an attacker could gain full control over the affected system and malware could use the vulnerability to spread.
The following versions of Windows are prone to abuse through the DejaBlue vulnerabilities: Windows 7 SP1, Windows Server 2008 R2 SP1, Windows Server 2012, Windows 8.1, Windows Server 2012 R2, and all versions of Windows 10, including the Server editions.
For Windows users who have RDS on their VPS, we recommend that you perform these updates as quickly as possible. In our Knowledge Base we explain how you can update your operating system and kernel.