Microsoft has released a High-level security advisory for a critical remote code execution vulnerability in Remote Desktop Services. The vulnerability exists in the following operating systems:
- Windows XP
- Windows 7
- Windows Server 2003
- Windows Server 2008 R2
- Windows Server 2008
As of today, Windows 8, Windows 10, Windows Server 2012, Windows Server 2016 and Windows Server 2019 are not reported to be affected by this vulnerability. Currently, unpatched machines are being exploited to mine cryptocurrency, but most exploitation results in a BSOD. However, these exploits can be further weaponized to cause more damage.
Microsoft has already released patches for both Windows XP and Windows Server 2003, even though neither is supported by Microsoft anymore.
If you are running any of the affected operating systems, we advise that you patch the affected machines ASAP.
This vulnerability could be exploited in two ways:
- Unpatched RDP services open to the internet and exploited directly.
- Unpatched RDP services used by malware internally to spread from machine to machine.
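To decide which machines to patch first, the affected-OS list and the two exposure paths above can be applied to an asset inventory. The following is an added example, not part of the advisory or Microsoft's guidance; the host names, the inventory columns and the priority order are assumptions.

```python
import csv
import io
import re
import socket

# OS families the advisory lists as affected ("Server 2008" also matches 2008 R2).
AFFECTED = re.compile(r"Windows\s+(XP|7|Server\s+2003|Server\s+2008)\b", re.I)

# Constructed inventory: hosts and the "rdp" column values are hypothetical.
SAMPLE = """host,os,rdp
web01,Microsoft Windows Server 2008 R2 Standard,internet
pc-114,Microsoft Windows 7 Professional,internal
kiosk3,Windows XP Professional,off
app02,Microsoft Windows Server 2012 R2 Standard,internet
pc-220,Microsoft Windows 10 Pro,internal
"""

# Assumed priority order, derived from the two exposure paths in the advisory.
REASON = {
    "internet": (1, "RDP reachable from the internet: direct exploitation"),
    "internal": (2, "RDP reachable internally: machine-to-machine spread"),
    "off": (3, "RDP not enabled: affected OS, still patch"),
}

def triage(inventory_csv):
    """Return [(priority, host, reason)] for affected hosts, most urgent first."""
    out = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        if not AFFECTED.search(row["os"]):
            continue  # not reported as affected by the advisory
        prio, reason = REASON.get(row["rdp"].strip().lower(),
                                  (1, "RDP exposure unknown: treat as exposed"))
        out.append((prio, row["host"], reason))
    return sorted(out)

def rdp_listening(host, port=3389, timeout=2.0):
    """True if a TCP connect to the RDP port succeeds (verifies the inventory)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

if __name__ == "__main__":
    for prio, host, reason in triage(SAMPLE):
        print(f"P{prio} {host}: {reason}")
```

Run `rdp_listening` only against hosts in your own inventory, to confirm that a machine recorded as "off" is not in fact accepting RDP connections.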
How do I Remediate?
Apply the relevant patch from the below links:
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708
- https://support.microsoft.com/en-us/help/4500705/customer-guidance-for-cve-2019-0708
Workarounds available here:
How Can Ward Help?
For Managed Service customers, the Ward Support team will be reviewing individual environments and making recommendations on appropriate patching for all supported devices.
For all other customers, if you would like additional information or would like support in assessing and protecting your environment, please contact support@ward.ie or your account manager, as appropriate.
Further Reading: