Blog

On May 14, 2019, Microsoft released a patch for a critical Remote Code Execution vulnerability dubbed CVE-2019-0708. The vulnerability exists in Windows XP, Windows 7, Windows Server 2003, Windows Server 2008 R2 and Windows Server 2008. The risk level associated with this vulnerability was great enough to prompt Microsoft to not only release patches for all affected in-support systems but also for out-of-support systems as well.

The vulnerability exists in Remote Desktop Services (formerly Terminal Services). The vulnerability is being called "critical’’ for good reason. It allows for remote code execution without authentication and with no user interaction. This means that an attacker can infect remote systems with malware by sending packets remotely and without authentication.

In addition, this can be utilized to propagate and spread a "worm" much in the same way the WannaCry malware was able to infect several hundred thousand nodes across the globe back in 2017. While there are no reports currently of the vulnerability being actively exploited, it is only a matter of time before malicious actors begin to leverage this vulnerability to target systems for malicious purposes.

This vulnerability can be partially mitigated by enabling Network Level Authentication (making authentication required). However, that should not be relied upon as it still leaves the affected systems vulnerable in the case where the attacker may already be in possession of valid credentials. For that reason, it’s indeed critical that all affected systems be patched with fixes that have already been released by Microsoft.

Security patches can be found here:

In-Support Security patches: Microsoft Security Update Guide

Out-of-support Security patches: KB4500705