Microsoft is warning that an exploit with the magnitude of the WannaCry attack that crippled computers worldwide two years ago could be imminent if people fail to patch a high-severity vulnerability.
Microsoft is urging its customers to patch a critical remote code execution vulnerability in Remote Desktop Services immediately. This vulnerability, CVE-2019-0708, affects Windows Server 2008 R2, Windows Server 2008, Windows 7, Windows 2003, and Windows XP.
- What does this vulnerability entail?
Microsoft disclosed and released patches to address a critical vulnerability in Remote Desktop Services (RDP) in its May 2019 security updates. The vulnerability can be exploited by an unauthenticated remote attacker attempting to connect to a vulnerable system using RDP and sending specially crafted requests. If an attack is successfully able to exploit this vulnerability, it could execute code on the system.
- Why is it so important?
The flaw, CVE-2019-0708, does not require authentication or user interaction, giving it the potential to be leveraged in malware to self-propagate to other vulnerable systems. These capabilities allow the vulnerability to be “wormable” in that any malware that leverages this vulnerability could potentially spread to other vulnerable systems, such as the WannaCry ransomware did with MS17-010 and the EternalBlue exploit in 2017. Microsoft warns that the likelihood of threat actors creating an exploit and incorporating it into their malware is very high.
- What should I do?
The company released patches for Windows 7 and Windows Server 2008/R2 as well as older, traditionally unsupported, versions of Windows XP and Windows 2003. Windows 8 and 10 are not affected by this vulnerability. If an attack is successfully able to exploit this vulnerability and vulnerability management services are not in place, they could execute code on the system.