On Tuesday 5/14, Microsoft released a patch for a critical vulnerability CVE-2019-0708, the last time a patch for older systems was released like this the world saw Wannacry.

A remote code execution (RCE) vulnerability exists in Remote Desktop Services.

When an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests could execute arbitrary code on the target system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.  This vulnerability is currently specific Windows 7, Windows Server 2008, and Windows Server 2008 R2.

 

Again, This vulnerability is pre-authentication and requires no user interaction.

 

Mitigation strategies:

  • Disable RDP if not needed
  • Allow only authorized devices to connect
  • Block all TCP port 3389 traffic
  • Patch if available.

 

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708

 

https://support.microsoft.com/en-us/help/4500705/customer-guidance-for-cve-2019-0708

 

Should you have any questions or need help, please contact us.