topic Critical Wormable RDP Vulnerability in Tech Talk

Critical Wormable RDP Vulnerability

AppDefects — Mon, 09 Oct 2023 09:12:25 GMT

The next Internet wormable vulnerability (CVE-2019-0708) resides in Remote Desktop Services – formerly known as Terminal Services – that could be exploited remotely by sending specially crafted requests over RDP protocol to a targeted system.The vulnerability could be exploited to spread wormable malware in a similar way as the WannaCry malware spread across the globe in 2017. https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708

Re: Critical Wormable RDP Vulnerability

HTCPCP-TEA — Thu, 16 May 2019 09:36:32 GMT

Yup,

MS has even written a patch for XP and 2003, so it seem like quite a serious vulnerability.

Quick workarounds to save people looking:

Block port 3389 at the perimeter, stopping unsolicited RDP inbound traffic

Enable Network Level Authentication on all RDP connections (means attackers need to authenticate, mitigating the vulnerability).

Then get the latest patched installed (*** Subject to your normal patch testing procedure, of course ***)

Re: Critical Wormable RDP Vulnerability

denbesten — Thu, 16 May 2019 15:43:14 GMT

Unfortunately, continuing to routinely patch critical security vulnerabilities (May 2014, May 2017, May 2019), emboldens the argument that XP remains vendor supported in practice, in spite of vendor claims to the contrary.