First published on CloudBlogs on Sep 20, 2017 by Enterprise Mobility + Security Team Remote Desktop Services (RDS) allows you to access a remotely-hosted Windows desktop environment or application...
Updated May 11, 2021
Version 6.0Blog Post
Dear Microsoft Regarding RDS, our pen testers highlighted that this uses TLSv1.0 which is now an insecure protocol and should be disabled, however, if you do this RDS breaks! You’d think MS would provide an update to mitigate this security risk but instead they state that this is expected as the connection broker depends on TLS 1.0 (https://support.microsoft.com/en-nz/help/4036954/disabling-tls1-0-can-cause-rds-connection-broker-or-rdms-to-fail) and the resolution options are: • Set up RDS without Connection Broker for a single server installation. • Do not disable TLS 1.0 on a single Connection Broker deployment. • Configure a high availability Connection Broker deployment that uses dedicated SQL Server. Microsoft - surely it is your responsibility to remove use of TLS v1.0 and replace with v1.2 to continue to make your product secure for your customers, instead of putting the onus on your customers to roll out a ha deployment solution at their own cost? Surely you can provide an update to mitigate this issue?