Remote Code Execution Vulnerability

Remote Code Execution Vulnerability


Overview

CVE-2019-0708 is a remote code execution vulnerability that exists in Remote Desktop Services, previously known as Terminal Services. Remote Desktop Protocol (RDP) provides a user with a graphical interface to connect to a remote computer over a network connection.

Successful exploitation of this vulnerability could allow an attacker to run malicious commands on a vulnerable server.

Threat Intelligence

At this time the Masergy Threat Intelligence Team is not aware of any in-the-wild exploitation or public proof-of-concept exploits. We will continue to monitor the situation as it develops. We assess that it is highly likely that actors will pursue the development of exploits for this vulnerability.

Technical Summary

To perform this exploit, an attacker sends a specially crafted connection request over RDP to the Remote Desktop Service which could then allow the attacker to execute malicious code on the target system, remove data, and create users with elevated permissions on the system.

Because this attack happens prior to authentication, and requires no user interaction to successfully execute, this exploit is considered wormable (able to be spread throughout a network).

Recommendations

We recommend the following actions be taken:

  • Immediately apply Microsoft’s May 14th, 2019 security patch on affected systems, after appropriate testing. If you are unable to update, use Microsoft provided guidance for mitigating workarounds in their advisory.
  • Disable Remote Desktop Services if they are not required
  • If possible, ensure externally accessible Remote Desktop Services are under additional protective measures such as a VPN.

Patches

Microsoft has made patches available for download, for more information see Microsoft’s advisory at https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708

References

Vulnerabilities

CVE-2019-0708
  • Remote code execution vulnerability existing in Remote Desktop Services.

Systems Affected

  • Windows XP
  • Windows 2003
  • Windows 7
  • Windows Server 2008
  • Windows Server 2008 R2

We use cookies to improve your web experience, better understand how our site is used, and personalize advertising. By continuing to use this site you are giving us your consent to do this. Read more and make cookie choices by visiting our privacy policy.