Go to content Go to navigation

mnemonic Security Advisory: Critical Windows Vulnerability

Last week Microsoft released a critical security patch for CVE-2019-0708. The vulnerability is classified as critical, and has the potential to become an Internet spread worm.

On Tuesday May 14th, 2019 Microsoft released a security update to address a critical vulnerability in Remote Desktop Services in Microsoft Windows (CVE-2019-0708). This vulnerability is pre-authentication, which means no user interaction or valid authentication is required. If exploited, this vulnerability has the potential of spreading across a corporate internal network and across the Internet as a computer worm.

Independent security researchers have confirmed that the vulnerability is exploitable, and have created a proof of concept exploits. At the time of writing (23-05-2019) there is no confirmed evidence that threat actors have created working exploits or are actively using them in the wild. Our expectation however is it is only a matter of time before we see the vulnerability being actively exploited.

Affected systems

CVE-2019-0708 affects the following Windows systems:

  • Windows XP SP3 x86
  • Windows XP Professional x64 Edition SP2
  • Windows XP Embedded SP3 x86
  • Windows Server 2003 SP2 x86
  • Windows Server 2003 x64 Edition SP2
  • Windows 7 for 32-bit Systems Service Pack 1
  • Windows 7 for x64-based Systems Service Pack 1
  • Windows Server 2008 for 32-bit Systems Service Pack 2
  • Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
  • Windows Server 2008 for Itanium-Based Systems Service Pack 2
  • Windows Server 2008 for x64-based Systems Service Pack 2
  • Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
  • Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1
  • Windows Server 2008 R2 for x64-based Systems Service Pack 1
  • Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)

Recommendations

For Windows systems still supported by Microsoft (Windows 7, Windows Server 2008), install the security update for CVE-2019-0708 using the Windows Update service.

For Windows systems no longer supported by Microsoft (Windows XP, Windows Server 2003), download and install the security update from https://support.microsoft.com/en-ca/help/4500705/customer-guidance-for-cve-2019-0708

If installation of the security update is not possible, mnemonic recommends taking the following short term remediation actions:

  1. Disable Windows Remote Desktop Services on vulnerable systems
  2. In your firewall, limit/whitelist the IP addresses that can connect to Windows Remote Desktop Services

mnemonic also recommends taking the following long term remediation actions:

  1. Upgrade vulnerable systems that are End of Support to a newer version of Windows
  2. Implement a secure VPN solution for using remote desktop services rather than exposing these services on directly on the Internet (or similar Network Level Authentication mechanism).

References

Do you want to be updated on mnemonic’s Threat Advisories? Sign up to our email list here.