May 2019 security updates address a critical Remote Code Execution (RCE) vulnerability found in the Remote Desktop Services (RDS) platform which can allow malicious actors to create malware designed to propagate between computers running vulnerable RDS installations.

 

The vulnerability could be exploited to spread wormable malware in a similar way as the WannaCry malware spread across the globe in 2017.

 

Overview

A remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests.

An attacker who successfully exploited this vulnerability could execute arbitrary code on the target system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

The update addresses the vulnerability by correcting how Remote Desktop Services handles connection requests.

Affected systems

The critical RDS vulnerability impacts only older in-support versions of Windows (i.e. Windows 7, Windows Server 2008 R2, and Windows Server 2008), with security updates for the affected versions being available via the Microsoft Security Update Guide.

Out-of-support operating systems such as Windows XP and Windows 2003 are also affected.

Windows 8 and Windows 10 users are not impacted by the vulnerability because of the strengthened security provided with the latest Windows releases.

Resolution

  • Workaround
    • As a workaround, Microsoft has advised Windows Server users to block TCP port 3389 and enable Network Level Authentication to prevent any unauthenticated attacker from exploiting this Wormable flaw. Despite this, potential attackers could still abuse the RCE vulnerability if they already have the credentials needed to authenticate on a system where RDS is enabled.

More details are available in the official advisory: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708

Link to the official blog: https://blogs.technet.microsoft.com/msrc/2019/05/14/prevent-a-worm-by-updating-remote-desktop-services-cve-2019-0708/

Patch! Patch Patch to avoid another Wanna-Cry!

A propos de l'auteur

Founder of DigitLys-Mag
Google+

Cyber Threat Analyst & Security researcher. Founder and Technical Writer for DigitaLys-Mag

Articles similaires