Microsoft Addresses Critical Vulnerability in Remote Desktop Services with Patch to Include Unsupported Operating Systems

Posting ID 119390
Date Added: 5/15/2019
Date Modified: 5/15/2019
E-ISAC Staff

Description

A potentially wormable, critical remote code execution vulnerability exists in Microsoft's Remote Desktop Services. This is documented in CVE-2019-0708. Microsoft has provided a patch to mitigate this, however it is noteworthy that they have also provided a patch for older, unsupported operating system versions due to the severity of the vulnerability.

The vulnerability could potentially allow an unauthenticated attacker to execute arbitrary code on the target system with full administrative rights. 

Due to the fact that this vulnerability could allow wormable execution with no user interaction, the E-ISAC recommends researching the CVE and ensuring that any vulnerable systems in member environments are patched expeditiously.

Category Type:
Cyber Security
TLP - White
Shared Count (3)
  • E-ISAC AOO Members
  • E-ISAC Staff
  • Watch Floor
Change History
  • E-ISAC Staff, 05/15/2019