Remote Desktop Services (RDP) Remote Code Execution Vulnerability

CVE: 2019-0708

PLEASE NOTE THAT WE HAVE ISSUED A MORE UP TO DATE ADVISORY HERE.

Integrity360 is actively monitoring a vulnerability which Microsoft has released affecting Remote Desktop Services. The vulnerability allows remote code-execution with potential to be exploited by new types of malware attacks similar to WannaCry.

The threat

The vulnerability exists in the way that the RDP service handles incoming requests. An attacker can send a malicious request to the RDP service and, due to improperly sanitised request handling, the target will execute the malicious code injected into the request.

The impact

An unauthenticated attacker targeting vulnerable systems with Remote Desktop Protocol enabled could exploit this flaw to gain remote code-execution.

Our recommendations

Integrity360 recommends that clients implement the required updates for the May patch cycle in line with the existing patching schedule. The update addresses the vulnerability by correcting how Remote Desktop Services handles connection requests.

Microsoft also recommends the following two actions:

  • Enable Network Level Authentication (NLA) on systems running supported editions of Windows 7, Windows Server 2008, and Windows Server 2008 R2
  • Block TCP port 3389 at the enterprise perimeter firewall

Below are the links to further information about the vulnerability. We recommend you review this information if you are concerned about the impact to your business. 

We will continue to monitor the situation and update this webpage as new information becomes available.

Integrity360 clients can email their account manager to query anything related to this vulnerability. Alternatively, please email info@integrity360.com and we will arrange a follow up for you.

PLEASE NOTE THAT WE HAVE ISSUED A MORE UP TO DATE ADVISORY HERE.

More information