Remote Desktop Services Remote Code Execution Vulnerability

On May 14, 2019, Microsoft released fixes for a critical remote code execution vulnerability, CVE-2019-0708, in Remote Desktop Services that affects some older versions of Windows. The Remote Desktop Protocol (RDP) itself is not vulnerable. This vulnerability is pre-authentication and requires no user interaction. In other words, the vulnerability is 'wormable', meaning that any future malware that exploits this vulnerability could propagate from vulnerable computer to vulnerable computer in a similar way to how the WannaCry malware spread across the globe in 2017.

Download updates:
- Windows 7, Windows 2008 R2, and Windows 2008
- Windows 2003 and Windows XP

MCI-CERT additional suggestions:
- Use strong passwords
- Restrict access using ACL and firewall
- Limit users who can log in using remote desktop
- Set an account lockout policy
- Use management tools for RDP logging
- Update Remote Desktop Services
- Tunnel Remote Desktop connections through IPSec or other secure methods
- Retain RDP logs for 90 days
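
The following read-only PowerShell audit checks a host against several items in the list above (firewall restriction, permitted RDP users, lockout policy, logging and the 90-day retention target). It is an added example, not part of the MCI-CERT or Microsoft guidance. It assumes Windows 8 / Server 2012 or later with PowerShell 5.1, an elevated prompt, an English-language system, and RDP on its default port TCP 3389.

```powershell
# Added example: read-only audit of an RDP host against the checklist above.
# Assumes Windows 8 / Server 2012 or later, PowerShell 5.1, elevated prompt.
$RetentionDays = 90   # retention target taken from the checklist

# Is RDP enabled? fDenyTSConnections = 0 means connections are accepted.
$ts = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
'RDP enabled: {0}' -f ($ts.fDenyTSConnections -eq 0)

# Firewall: enabled inbound allow rules for TCP 3389 (assumed default port).
Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow | ForEach-Object {
    $port = $_ | Get-NetFirewallPortFilter
    if ($port.Protocol -eq 'TCP' -and $port.LocalPort -contains '3389') {
        $addr = $_ | Get-NetFirewallAddressFilter
        [pscustomobject]@{
            Rule          = $_.DisplayName
            Profile       = $_.Profile
            RemoteAddress = $addr.RemoteAddress -join ','
            Unrestricted  = ($addr.RemoteAddress -contains 'Any')   # no ACL applied
        }
    }
} | Format-Table -AutoSize

# Who may log in over RDP (S-1-5-32-555 = BUILTIN\Remote Desktop Users;
# local Administrators can also log in by default).
Get-LocalGroupMember -SID 'S-1-5-32-555' |
    Select-Object Name, ObjectClass | Format-Table -AutoSize

# Account lockout policy: a threshold of "Never" means no lockout is set.
# The text match assumes English-language output from net.exe.
net accounts | Select-String 'Lockout'

# Logging: are the RDP-related logs enabled, and how far back do they reach?
'Security',
'Microsoft-Windows-TerminalServices-LocalSessionManager/Operational',
'Microsoft-Windows-TerminalServices-RemoteConnectionManager/Operational' |
ForEach-Object {
    $cfg    = Get-WinEvent -ListLog $_
    $oldest = Get-WinEvent -LogName $_ -Oldest -MaxEvents 1 -ErrorAction SilentlyContinue
    $days   = if ($oldest) { [int]((Get-Date) - $oldest.TimeCreated).TotalDays } else { 0 }
    [pscustomobject]@{
        Log         = $_
        Enabled     = $cfg.IsEnabled
        Mode        = $cfg.LogMode          # Circular logs overwrite old events
        MaxSizeMB   = [math]::Round($cfg.MaximumSizeInBytes / 1MB)
        OldestDays  = $days
        MeetsTarget = ($days -ge $RetentionDays)
    }
} | Format-Table -AutoSize
```

A host that forwards its events to a central collector can meet the retention target there even when the local `OldestDays` value is below 90.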

Resource:
https://blogs.technet.microsoft.com/msrc/2019/05/14/prevent-a-worm-by-updating-remote-desktop-services-cve-2019-0708/
