Microsoft releases new updates every Tuesday. The updates released on Feb 9th, 2016 included KB3126446. Luckily, this update is meant for users with Remote Desktop Protocol (RDP) enabled.
As part of security bulletin MS16-017, this update (KB3126446) fixes a security problem in Microsoft Windows. Because of this vulnerability, an authenticated troubleshooter or user who uses RDP to log on to the target system can send specially crafted “malicious” data over the connection. This results in an elevation of privilege, such as running applications or programs with Administrator privileges.
The attacker then can install programs; view, change, or delete data; or create new accounts with full user rights.
What is the Problem with the KB3126446 update?
Users on many forums and on Twitter report that when they apply the patch on Windows 7 SP1, their PCs and laptops go into a reboot loop. So one error gate is closed, but a new problem crops up because of the fix.
Faulty Update From Microsoft, “KB3126446” Puts Windows 7 /8.1 In A Reboot Loop https://t.co/dmuSTLJFuf
— hanoush61 (@hanoush61) February 19, 2016
Anyone Running Windows 7 Or 8 Don’t update for the time being the new patch KB3126446 puts it in a boot loop
— Marley (@IHazNotName) February 18, 2016
If you install this update on Windows 7 SP1, your PC is likely to reboot several times. The number of restarts can vary from system to system. A reboot is common for all updates, but going into a loop is rarely seen these days.
The KB3126446 update mainly affects the Enterprise and Ultimate editions of Windows 7. But if you are running RDP 8.0, then all supported editions of Windows 7 are affected. So if users don’t need the server-side features of RDP 8.0, Microsoft recommends upgrading to RDP 8.1 and not applying (or removing) the 3126446 update.
The size of the update is around 1.5 MB.
Known issues in this security update
You may have to restart the computer multiple times after you install this security update on a Windows 7-based computer that is running RDP 8.0.
What is Remote Desktop Protocol (RDP)?
It is a proprietary protocol developed by Microsoft which gives a user a graphical interface to connect to another computer over a network connection. It is generally used for troubleshooting. For example, if you are unable to boot or are having problems with your applications, you give access to your computer to another “user” or “expert” who will investigate your PC.
RDP is useful in such grave situations, when your system stops working and you have no other resources available to repair your PC. Generally, you give RDP access to your PC only to people you trust. But sometimes, when you have no friends to ask and you are in dire straits to get your PC working, you give access to “unknown” people such as the Microsoft technical team or other experts.
Some of them can be hackers, and they can exploit the vulnerability in the existing RDP 8.0. So you have to install the KB3126446 update if you frequently give access to “unknown” persons.
What is the Workaround?
The only thing that will prevent this problem is not installing the KB3126446 update. But if you have automatic updates turned on, it will install without your intervention. The only remedy in that situation is to uninstall it again. But this will pose a security threat if somebody accesses your computer using RDP. Also, this particular problem arises only if RDP 8.0 is installed on your system. By default, it is not enabled on your system.
But if you enabled RDP 8.0 to give access to another person, you can disable it. This is the only solution in the current scenario.
How to Disable RDP?
To disable RDP using Group Policy
- Open Group Policy
- In Computer Configuration, Administrative Templates, Windows Components, Terminal Services, double-click the Allows users to connect remotely using Terminal Services setting.
- Do one of the following:
  - To enable Remote Desktop, click Enabled.
  - To disable Remote Desktop, click Disabled.
If you disable Remote Desktop while users are connected to the target computers, the computers maintain their current connections, but will not accept any new incoming connections.
To disable RDP using System Properties
- Open System in Control Panel.
- On the Remote tab, select or clear the Enable Remote Desktop on this computer check box, and then click OK.
A few important things:
- If the Allows users to connect remotely using Terminal Services Group Policy setting is set to Not Configured, then the Enable Remote Desktop on this computer setting takes precedence. Otherwise, the Group Policy setting takes precedence.
- You must be logged on as a member of the Administrators group to enable or disable Remote Desktop.
- When you enable RDP, you allow remote users and groups to log on to your computer remotely. For safety, you should decide which users and groups are allowed to log on remotely. You should also require remote users to use strong passwords to connect to your system. This case generally arises in a Windows network environment.
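
To check where a machine stands before choosing between the update and disabling RDP, the following read-only script (an added example, not part of the original article or of Microsoft's guidance) reports whether KB3126446 is installed and whether Remote Desktop is effectively enabled, applying the Group Policy precedence rule described above. The `fDenyTSConnections` registry locations are not named in the article and are used here as the storage locations of the two settings; the function names are illustrative.

```powershell
# Added example: report KB3126446 presence and the effective Remote Desktop state.
# Read-only; written to run on PowerShell 2.0, the version shipped with Windows 7 SP1.

$kb        = 'KB3126446'
# Assumption (not from the article): registry locations backing the two settings.
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'   # Group Policy
$localKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'           # System Properties

function Get-DenyValue([string]$Key) {
    # Returns 0 (connections allowed), 1 (connections denied) or $null (value not set).
    $item = Get-ItemProperty -Path $Key -Name fDenyTSConnections -ErrorAction SilentlyContinue
    if ($item) { return [int]$item.fDenyTSConnections }
    return $null
}

function Get-EffectiveRdpState($PolicyValue, $LocalValue) {
    # Group Policy wins when it is configured; when it is Not Configured
    # (value absent), the System Properties check box decides.
    if ($null -ne $PolicyValue) {
        $source = 'Group Policy'; $deny = $PolicyValue
    } elseif ($null -ne $LocalValue) {
        $source = 'System Properties'; $deny = $LocalValue
    } else {
        $source = 'Default'; $deny = 1   # assumption: treated as disabled when nothing is set
    }
    New-Object PSObject -Property @{ Source = $source; RdpEnabled = ($deny -eq 0) }
}

$hotfix = Get-HotFix -Id $kb -ErrorAction SilentlyContinue
$state  = Get-EffectiveRdpState (Get-DenyValue $policyKey) (Get-DenyValue $localKey)

New-Object PSObject -Property @{
    Computer       = $env:COMPUTERNAME
    KbInstalled    = [bool]$hotfix
    RdpEnabled     = $state.RdpEnabled
    DecidedBy      = $state.Source
    # RDP reachable while the fix is missing: the case the article warns about.
    NeedsAttention = ($state.RdpEnabled -and -not $hotfix)
}
```

A machine that shows `NeedsAttention = True` accepts remote connections without the fix installed, so it should either receive the update or have Remote Desktop disabled using one of the procedures above.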