Emergency Warning: Windows Server RDP Service Vulnerability (CVE-2019-0708)
Introduction
In a recent disclosure by the Microsoft Emergency Response Center, a high-risk security vulnerability (CVE-2019-0708) has been identified in Windows Server 2003, Windows Server 2008 R2, and Windows Server 2008. This vulnerability, located in Remote Desktop Services, allows remote code execution without user interaction, making it a prime target for worm attacks similar to WannaCry. If left unaddressed, it poses a significant threat to servers and could lead to large-scale intrusion by external attackers.
The Vulnerability
The vulnerability, designated CVE-2019-0708, is a serious remote code execution flaw that can be exploited remotely without user interaction. It allows attackers to obtain system permissions on the server and propagate worms, which makes it a high-risk issue.
Affected Versions
The following versions of Windows are known to be affected by this vulnerability:
- Windows Server 2008 R2
- Windows Server 2008
- Windows Server 2003
- Windows XP
- Windows 7
Security Update
Microsoft has released a security update to address this vulnerability. Users can download the update from the following links:
- For Windows 7 and Server 2008/Server 2008 R2 users: Security Update Guide - Microsoft Security Response Center
- For Windows XP and Server 2003 users: Customer guidance for CVE-2019-0708 | Remote Desktop Services Remote Code Execution Vulnerability: May 14, 2019 - Microsoft Support
Mitigation Measures
To mitigate this vulnerability, users can take the following steps:
- Download and install the security update for their operating system from the official Microsoft website.
- Implement mitigation measures, such as enabling Network Level Authentication (NLA) for Remote Desktop Services.
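A host-side check for the two steps above, as an added example that is not part of the original advisory or Microsoft's guidance. It reports whether Remote Desktop is enabled, whether NLA is required, and whether a given update is installed. The `KbIds` value is a placeholder to be filled in from Microsoft's advisory for the operating system being checked, and the script is written for PowerShell 2.0 so that it runs on Windows 7 and Server 2008 R2.

```powershell
# Added example: audit RDP exposure, NLA state and patch presence on one host.
param(
    # Placeholder: set to the KB number(s) Microsoft lists for this OS.
    # A later rollup that supersedes the update will not match by this ID.
    [string[]]$KbIds = @('KB0000000'),
    # When set, turn on the NLA requirement instead of only reporting it.
    [switch]$EnableNla
)

$tsKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdpKey = "$tsKey\WinStations\RDP-Tcp"

$os = Get-WmiObject -Class Win32_OperatingSystem

# fDenyTSConnections = 0 means Remote Desktop connections are accepted.
$deny = (Get-ItemProperty -Path $tsKey -Name fDenyTSConnections).fDenyTSConnections
$rdpEnabled = ($deny -eq 0)

# UserAuthentication = 1 means the RDP listener requires NLA.
$ua = (Get-ItemProperty -Path $rdpKey -Name UserAuthentication `
        -ErrorAction SilentlyContinue).UserAuthentication
$nlaRequired = ($ua -eq 1)

# Get-HotFix raises an error for a missing KB; treat that as "not installed".
$patched = $false
foreach ($kb in $KbIds) {
    if (Get-HotFix -Id $kb -ErrorAction SilentlyContinue) { $patched = $true }
}

if ($EnableNla -and $rdpEnabled -and -not $nlaRequired) {
    # Needs an elevated session. Clients without NLA support can no longer connect.
    Set-ItemProperty -Path $rdpKey -Name UserAuthentication -Value 1
    $nlaRequired = $true
}

$report = New-Object PSObject -Property @{
    Computer    = $env:COMPUTERNAME
    OS          = $os.Caption
    Version     = $os.Version
    RdpEnabled  = $rdpEnabled
    NlaRequired = $nlaRequired
    KbInstalled = $patched
    # RDP reachable and unpatched: install the update; NLA is only a mitigation.
    NeedsPatch  = ($rdpEnabled -and -not $patched)
}
$report | Format-List
```

A Remote Desktop setting applied through Group Policy takes precedence over the local registry value, so confirm the result against the effective policy on domain-joined hosts.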
Reference
For more information on this vulnerability, please refer to the following resources:
- The official announcement by Microsoft: Prevent a worm by updating Remote Desktop Services (CVE-2019-0708)
- Community reference: Microsoft warns of major WannaCry-like Windows security exploit, releases XP patches | The Verge
About Ding Lab
Ding Lab, a part of Tencent Cloud, focuses on cutting-edge technology research and innovation in cloud security, cloud standardization, and compliance systems. Using machine learning and big data technologies, Ding Lab provides real-time monitoring and analysis of various types of risk information, helping customers defend against advanced persistent threats and other security vulnerabilities. By ensuring the overall security of the cloud computing platform and its related capabilities, Ding Lab provides a trustworthy security protection platform for enterprises and entrepreneurs.
Recommendations
To avoid being affected by this vulnerability, we recommend that users:
- Apply security updates to their systems promptly.
- Enable the security intelligence feature of the cloud "Security Operations Center" to access the latest vulnerability information, fixes, and data leakage cases.
- Identify the risks to their assets on the cloud and take the necessary measures to mitigate them.