Prevent a worm by updating Remote Desktop Services (CVE-2019-0708)

★★★★★
https://blogs.technet.microsoft.com/msrc/2019/05/14/prevent-a-worm-by-updating-remote-desktop-services-cve-2019-0708/


Today Microsoft released fixes for a critical Remote Code Execution vulnerability, CVE-2019-0708, in Remote Desktop Services – formerly known as Terminal Services – that affects some older versions of Windows. The Remote Desktop Protocol (RDP) itself is not vulnerable. This vulnerability is pre-authentication and requires no user interaction. In other words, the vulnerability is ‘wormable’, meaning that any future malware that exploits this vulnerability could propagate from vulnerable computer to vulnerable computer in a similar way as the WannaCry malware spread across the globe in 2017. While we have observed no exploitation of this vulnerability, it is highly likely that malicious actors will write an exploit for this vulnerability and incorporate it into their malware.

Now that I have your attention, it is important that affected systems are patched as quickly as possible to prevent such a scenario from happening. In response, we are taking the unusual step of providing a security update for all customers to protect Windows platforms, including some out-of-support versions of Windows.

Vulnerable in-support systems include Windows 7, Windows Server 2008 R2, and Windows Server 2008. Downloads for in-support versions of Windows can be found in the Microsoft Security Update Guide. Customers who use an in-support version of Windows and have automatic updates enabled are automatically protected. 

Out-of-support systems include Windows 2003 and Windows XP. If you are on an out-of-support version, the best way to address this vulnerability is to upgrade to the latest version of Windows. Even so, we are making fixes available for these out-of-support versions of Windows in KB4500705.

Customers running Windows 8 and Windows 10 are not affected by this vulnerability, and it is no coincidence that later versions of Windows are unaffected. Microsoft invests heavily in strengthening the security of its products, often through major architectural improvements that are not possible to backport to earlier versions of Windows.

There is partial mitigation on affected systems that have Network Level Authentication (NLA) enabled. The affected systems are mitigated against ‘wormable’ malware or advanced malware threats that could exploit the vulnerability, as NLA requires authentication before the vulnerability can be triggered. However, affected systems are still vulnerable to Remote Code Execution (RCE) exploitation if the attacker has valid credentials that can be used to successfully authenticate.

It is for these reasons that we strongly advise that all affected systems – irrespective of whether NLA is enabled or not – should be updated as soon as possible.

Resources
Links to downloads for Windows 7, Windows 2008 R2, and Windows 2008Links to downloads for Windows 2003 and Windows XP 

Simon PopeDirector of Incident ResponseMicrosoft Security Response Center (MSRC)

[官网]Prevent a worm by updating Remote Desktop Services (CVE-2019-0708)的更多相关文章

  1. win7:Remote Desktop Services 启动失败

    背景: 其他PC使用mstsc远程某win7 pro sp1,一直失败. 分析: 影响远程桌面应用的设置有两个: 1. 计算机远程设置中,启用“允许远程协助连接这台计算机”,且远程桌面设置正确.如选择 ...

  2. Windows server 2008启动remote dosktop services服务报错1079

    原创 欢迎转载,届时请注明出处 报错场景 今天,刚开始启动win server的远程连接服务(remote desktop services)时 该服务可以正常启动,然后选择了  “计算机--> ...

  3. Configure Security Settings for Remote Desktop(RDP) Services Connections

    catalogue . Configure Server Authentication and Encryption Levels . Configure Network Level Authenti ...

  4. metasploit安装,按官网说明

    mkdir -p $HOME/git cd $HOME/git git clone git@github.com:YOUR_USERNAME_FOR_GITHUB/metasploit-framewo ...

  5. Flink官网文档翻译

    http://ifeve.com/flink-quick-start/ http://vinoyang.com/2016/05/02/flink-concepts/ http://wuchong.me ...

  6. Ubuntu16.04下Neo4j图数据库官网安装部署步骤(图文详解)(博主推荐)

    不多说,直接上干货! 说在前面的话  首先,查看下你的操作系统的版本. root@zhouls-virtual-machine:~# cat /etc/issue Ubuntu LTS \n \l r ...

  7. Ubuntu14.04下Neo4j图数据库官网安装部署步骤(图文详解)(博主推荐)

    不多说,直接上干货! 说在前面的话  首先,查看下你的操作系统的版本. root@zhouls-virtual-machine:~# cat /etc/issue Ubuntu 14.04.4 LTS ...

  8. 照着官网来安装openstack pike之创建并启动instance

    有了之前组件(keystone.glance.nova.neutron)的安装后,那么就可以在命令行创建并启动instance了 照着官网来安装openstack pike之environment设置 ...

  9. 3.1 Broker Configs 官网剖析(博主推荐)

    不多说,直接上干货! 一切来源于官网 http://kafka.apache.org/documentation/ 3.1 Broker Configs 3.1 broker配置 The essent ...

随机推荐

  1. ZROI 19.07.29 线性代数入门/wq

    1.高斯消元 在模意义下依然有效,对主元求逆即可. 甚至可以模合数,需要对两个方程辗转相除,复杂度\(O(n^3\log p)\). 辗转相除法只要能定义带余除法就有效. 逆矩阵:对于矩阵\(A\), ...

  2. python类库32[多进程通信Queue+Pipe+Value+Array]

    多进程通信 queue和pipe的区别: pipe用来在两个进程间通信.queue用来在多个进程间实现通信. 此两种方法为所有系统多进程通信的基本方法,几乎所有的语言都支持此两种方法. 1)Queue ...

  3. 22.从上往下打印二叉树(python)

    题目描述 从上往下打印出二叉树的每个节点,同层节点从左至右打印. class Solution: # 返回从上到下每个节点值列表,例:[1,2,3] def PrintFromTopToBottom( ...

  4. [人物存档]【AI少女】【捏脸数据】两个人物

    点击下载(城通网盘):8bcd58f40ad162d9c1fd6f641edfa9ec8b13cdf8.png 点击下载(城通网盘):AISChaF_20191110015122738.png

  5. Python学习:Python设计模式-单例模式

    一.单例模式存在的意义 在这里的单例就是只有一个实例(这里的实例就像在面向对象的时候,创建了一个对象也可以说创建了一个实例),只用一个实例进行程序设计,首先我们可以了解一下什么时候不适合使用单例模式, ...

  6. Python爬虫十六式 - 第四式: 使用Xpath提取网页内容

    Xpath:简单易用的网页内容提取工具 学习一时爽,一直学习一直爽 !   Hello,大家好,我是Connor,一个从无到有的技术小白.上一次我们说到了 requests 的使用方法.到上节课为止, ...

  7. 完整的Socket代码

    先上图 列举一个通信协议 网关发送环境数据 此网关设备所对应的所有传感器参数,格式如下: 网关发送: 包长度+KEY值+请求类型+发送者+接收者+消息类型+消息内容 说明: 包长度:short int ...

  8. Oracle rac11g 安装报INS41112

    由于集群服务器上的数据库存储层要上双活,所以需要重置存储 不幸17服务器在重启后突然奔溃了,所以需要重新安装17服务器系统 在把18的软件全都卸载干净后,重新安装集群服务器,但却遇到了如下问题 多次针 ...

  9. 大哥带我们的mysql注入 基于时间的盲注

    ?id= and ,,sleep()) ?id= and ,,sleep()) if语句/if()函数 在基于时间型SQL盲注中,我们经常使用条件语句来判断我们的操作是否正确: ?id= and = ...

  10. Ambari 2.6.0 HDP 2.6.3集群搭建

    1.安装环境说明 三台机器安装好CentOS-7-x86_64-Minimal-1708.iso 下载地址:https://www.centos.org/download/ 最好在安装时设置好IP和H ...