Prevent a worm by updating Remote Desktop Services (CVE-2019-0708)

★★★★★
https://blogs.technet.microsoft.com/msrc/2019/05/14/prevent-a-worm-by-updating-remote-desktop-services-cve-2019-0708/

Today Microsoft released fixes for a critical Remote Code Execution vulnerability, CVE-2019-0708, in Remote Desktop Services – formerly known as Terminal Services – that affects some older versions of Windows. The Remote Desktop Protocol (RDP) itself is not vulnerable. This vulnerability is pre-authentication and requires no user interaction. In other words, the vulnerability is ‘wormable’, meaning that any future malware that exploits this vulnerability could propagate from vulnerable computer to vulnerable computer in a similar way as the WannaCry malware spread across the globe in 2017. While we have observed no exploitation of this vulnerability, it is highly likely that malicious actors will write an exploit for this vulnerability and incorporate it into their malware.

Now that I have your attention, it is important that affected systems are patched as quickly as possible to prevent such a scenario from happening. In response, we are taking the unusual step of providing a security update for all customers to protect Windows platforms, including some out-of-support versions of Windows.

Vulnerable in-support systems include Windows 7, Windows Server 2008 R2, and Windows Server 2008. Downloads for in-support versions of Windows can be found in the Microsoft Security Update Guide. Customers who use an in-support version of Windows and have automatic updates enabled are automatically protected. 

Out-of-support systems include Windows 2003 and Windows XP. If you are on an out-of-support version, the best way to address this vulnerability is to upgrade to the latest version of Windows. Even so, we are making fixes available for these out-of-support versions of Windows in KB4500705.

Customers running Windows 8 and Windows 10 are not affected by this vulnerability, and it is no coincidence that later versions of Windows are unaffected. Microsoft invests heavily in strengthening the security of its products, often through major architectural improvements that are not possible to backport to earlier versions of Windows.

There is partial mitigation on affected systems that have Network Level Authentication (NLA) enabled. The affected systems are mitigated against ‘wormable’ malware or advanced malware threats that could exploit the vulnerability, as NLA requires authentication before the vulnerability can be triggered. However, affected systems are still vulnerable to Remote Code Execution (RCE) exploitation if the attacker has valid credentials that can be used to successfully authenticate.

It is for these reasons that we strongly advise that all affected systems – irrespective of whether NLA is enabled or not – should be updated as soon as possible.

Resources
Links to downloads for Windows 7, Windows 2008 R2, and Windows 2008Links to downloads for Windows 2003 and Windows XP 

Simon PopeDirector of Incident ResponseMicrosoft Security Response Center (MSRC)

[官网]Prevent a worm by updating Remote Desktop Services (CVE-2019-0708)的更多相关文章

  1. win7:Remote Desktop Services 启动失败

    背景: 其他PC使用mstsc远程某win7 pro sp1,一直失败. 分析: 影响远程桌面应用的设置有两个: 1. 计算机远程设置中,启用“允许远程协助连接这台计算机”,且远程桌面设置正确.如选择 ...

  2. Windows server 2008启动remote dosktop services服务报错1079

    原创 欢迎转载,届时请注明出处 报错场景 今天,刚开始启动win server的远程连接服务(remote desktop services)时 该服务可以正常启动,然后选择了  “计算机--> ...

  3. Configure Security Settings for Remote Desktop(RDP) Services Connections

    catalogue . Configure Server Authentication and Encryption Levels . Configure Network Level Authenti ...

  4. metasploit安装,按官网说明

    mkdir -p $HOME/git cd $HOME/git git clone git@github.com:YOUR_USERNAME_FOR_GITHUB/metasploit-framewo ...

  5. Flink官网文档翻译

    http://ifeve.com/flink-quick-start/ http://vinoyang.com/2016/05/02/flink-concepts/ http://wuchong.me ...

  6. Ubuntu16.04下Neo4j图数据库官网安装部署步骤(图文详解)(博主推荐)

    不多说,直接上干货! 说在前面的话  首先,查看下你的操作系统的版本. root@zhouls-virtual-machine:~# cat /etc/issue Ubuntu LTS \n \l r ...

  7. Ubuntu14.04下Neo4j图数据库官网安装部署步骤(图文详解)(博主推荐)

    不多说,直接上干货! 说在前面的话  首先,查看下你的操作系统的版本. root@zhouls-virtual-machine:~# cat /etc/issue Ubuntu 14.04.4 LTS ...

  8. 照着官网来安装openstack pike之创建并启动instance

    有了之前组件(keystone.glance.nova.neutron)的安装后,那么就可以在命令行创建并启动instance了 照着官网来安装openstack pike之environment设置 ...

  9. 3.1 Broker Configs 官网剖析(博主推荐)

    不多说,直接上干货! 一切来源于官网 http://kafka.apache.org/documentation/ 3.1 Broker Configs 3.1 broker配置 The essent ...

随机推荐

  1. SpringMVC初识

    1 SpringMVC的概述 Spring为展现层提供的基于MVC设计理念的优秀的web框架,是目前最主流的MVC框架之一. Spring3.0后面全面超过Struts2,成为了最优秀的MVC框架. ...

  2. Redux 聊聊

    前言 Redux 是 JavaScript 状态容器,提供可预测化的状态管理. 首先明确一点的就是: Redux并不是React必须的,也没有任何依赖,你可以很自由的将他应用到各种前端框架.jQuer ...

  3. 一些项目中用到的php函数

    #不为空 if (!empty($_POST)) { } #生成随机数 mt_rand(,)产生999-9999范围间的随机数

  4. day_08 字符编码乱码处理

    Python3默认编码是unicode:而Python2是ASCII码.Windows环境默认是gbk编码. 常见编码错误原因: 1. Python解释器的默认编码 2. Python源文件文件编码 ...

  5. javascript(腾讯)

    var a={key:"1",value:2}; war b=a; b.value+=a.key, 打印b.value是多少,a.value呢? 答案:都是21.因为javascr ...

  6. 【leetcode】1229.Meeting Scheduler

    题目如下: 你是一名行政助理,手里有两位客户的空闲时间表:slots1 和 slots2,以及会议的预计持续时间 duration,请你为他们安排合适的会议时间. 「会议时间」是两位客户都有空参加,并 ...

  7. 6.LINUX32位和64位系统的区别和选择

  8. java HTTP文件断点上传

    之前仿造uploadify写了一个HTML5版的文件上传插件,没看过的朋友可以点此先看一下~得到了不少朋友的好评,我自己也用在了项目中,不论是用户头像上传,还是各种媒体文件的上传,以及各种个性的业务需 ...

  9. Codeforces Round #302 (Div. 2) D. Destroying Roads 最短路 删边

    题目:有n个城镇,m条边权为1的双向边让你破坏最多的道路,使得从s1到t1,从s2到t2的距离分别不超过d1和d2. #include <iostream> #include <cs ...

  10. FP AUTO节点ZPP002M执行卡住解决

    正常情况下,不到一分钟即可执行完ZPP002M节点 异常情况下,超过十分钟都没有响应 再等待只会影响FP的执行时间,影响后续的节点,解决办法是将正在执行的JOB STOP掉 再到服务器上将该节点重新执 ...