Posted On: May 16, 2019
Are you running an older version of Windows and not current with your patch management? If so, you need to be aware of a recent exploitable vulnerability that just hit the news this week. Here's what you need to know...
Microsoft released fixes for a critical Remote Code Execution vulnerability, CVE-2019-0708, in Remote Desktop Services – formerly known as Terminal Services – that affects some older versions of Windows. The Remote Desktop Protocol (RDP) itself is not vulnerable. This vulnerability is pre-authentication and requires no user interaction.
Simon Pope, director of incident response for the Microsoft Security Response Center wrote, “ In other words, the vulnerability is ‘wormable’ - meaning that any future malware that exploits this vulnerability could propagate from vulnerable computer to vulnerable computer.” He also stated, “While we have observed no exploitation of this vulnerability, it is highly likely that malicious actors will write an exploit for this vulnerability and incorporate it into their malware,”
Because of the severity of the vulnerability Microsoft is providing a patch for out of support systems, such as Windows XP and Windows 2003.
Customers running Windows 8 and Windows 10 are not affected by this vulnerability.
Vulnerable systems include:
If you're still unsure that you're protected, OneNeck's security experts are here to help.
Hybrid IT infrastructure that combines on-premises and public cloud capabilities is a strategy many enterprises are embracing. Download Now
Why is it important for organizations to embrace digital transformation? Just ask anyone that once worked for Blockbuster. It’s not that we quit... Continue Reading