Menu

Older Windows Systems Beware of CVE-2019-0708

Are you running an older version of Windows and not current with your patch management? If so, you need to be aware of a recent exploitable vulnerability that just hit the news this week. Here’s what you need to know…

Microsoft released fixes for a critical Remote Code Execution vulnerability, CVE-2019-0708, in Remote Desktop Services – formerly known as Terminal Services – that affects some older versions of Windows. The Remote Desktop Protocol (RDP) itself is not vulnerable. This vulnerability is pre-authentication and requires no user interaction.

Simon Pope, director of incident response for the Microsoft Security Response Center wrote, ” In other words, the vulnerability is ‘wormable’ – meaning that any future malware that exploits this vulnerability could propagate from vulnerable computer to vulnerable computer.”  He also stated, “While we have observed no exploitation of this vulnerability, it is highly likely that malicious actors will write an exploit for this vulnerability and incorporate it into their malware,”

Because of the severity of the vulnerability Microsoft is providing a patch for out of support systems, such as Windows XP and Windows 2003.

Customers running Windows 8 and Windows 10 are not affected by this vulnerability.

Vulnerable systems include:

  • Windows XP
  • Windows 2003
  • Windows 7
  • Windows 2008 R2 and Windows 2008

If you’re still unsure that you’re protected, OneNeck’s security experts are here to help.

 

References

Get In Touch

Call Us

For general inquiries, call: 855.663.6325

Immediate Assistance

Managed services support: 800.272.3077
Non-managed service support: 515.334.5755
Or visit our service desk:
Service Desk Portal

Talk to Our Team