SECURITY ADVISORY: CVE-2019-0708 - Remote Desktop Services Vulnerability
Incident Report for Green Cloud Defense
Resolved
On May 14, Microsoft published a security advisory relating to Remote Desktop Services in Windows 2003, 2008, and 2008 R2 servers: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708

From the link above: "A remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests. This vulnerability is pre-authentication and requires no user interaction. An attacker who successfully exploited this vulnerability could execute arbitrary code on the target system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

To exploit this vulnerability, an attacker would need to send a specially crafted request to the target system's Remote Desktop Service via RDP."

Patches for Windows 2008 and 2008 R2 are available at that link. To underscore the seriousness of the vulnerability, Microsoft has also issued patches for Windows 2003, even though Windows 2003 is long out of support: https://support.microsoft.com/en-us/help/4500705/customer-guidance-for-cve-2019-0708

Green Cloud strongly recommends that our partners patch any potentially affected servers immediately, as the likelihood of exploitation is extremely high.

Related links:
https://blogs.technet.microsoft.com/msrc/2019/05/14/prevent-a-worm-by-updating-remote-desktop-services-cve-2019-0708/
https://arstechnica.com/information-technology/2019/05/microsoft-warns-wormable-windows-bug-could-lead-to-another-wannacry/
Posted May 15, 2019 - 10:02 EDT
This incident affected: Security.