cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
AppDefects
Community Champion

Critical Wormable RDP Vulnerability

The next Internet wormable vulnerability (CVE-2019-0708) resides in Remote Desktop Services – formerly known as Terminal Services – that could be exploited remotely by sending specially crafted requests over RDP protocol to a targeted system.The vulnerability could be exploited to spread wormable malware in a similar way as the WannaCry malware spread across the globe in 2017. https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708 

2 Replies
HTCPCP-TEA
Contributor I

Yup,

 

MS has even written a patch for XP and 2003, so it seem like quite a serious vulnerability.

 

Quick workarounds to save people looking: 

 

Block port 3389 at the perimeter, stopping unsolicited RDP inbound traffic

 

Enable Network Level Authentication on all RDP connections (means attackers need to authenticate, mitigating the vulnerability).

 

Then get the latest patched installed (*** Subject to your normal patch testing procedure, of course ***)

denbesten
Community Champion

Unfortunately, continuing to routinely patch critical security vulnerabilities (May 2014, May 2017, May 2019),  emboldens the argument that XP remains vendor supported in practice, in spite of vendor claims to the contrary.