Microsoft has released information and updates regarding a vulnerability that affects Remote Desktop Services (RDP). The vulnerability affects older Windows versions:

  • Windows 2008
  • Windows 2008 R2
  • Windows 7
  • Windows XP
  • Windows 2003

The vulnerability is possible to exploit remotely, without credentials or authentication. Microsoft has released patches also for Windows XP and 2003 even though support has ended.

This vulnerability does not affect Microsoft’s latest operating systems — Windows 10, Windows 8.1, Windows 8, Windows Server 2019, Windows Server 2016, Windows Server 2012 R2, or Windows Server 2012.

Recommendations:

  • Check if your environment is running any of the older windows versions
  • Check if Remote Desktop Services are available , especially on public networks
  • Patch affected systems
  • There is a workaround to enable Network Level Authentication that can partly mitigate the vulnerability

More information:

https://support.microsoft.com/en-us/help/4500705/customer-guidance-for-cve-2019-0708

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708

https://blogs.technet.microsoft.com/msrc/2019/05/14/prevent-a-worm-by-updating-remote-desktop-services-cve-2019-0708/

Tieto SOC is actively following this vulnerability, as for now there is no indications of active exploits, but this will most likely change in due time.

Regards,

Tieto SE SOC