[SingCERT] Microsoft Remote Desktop Services Remote Code Execution Vulnerability (CVE-2019-0708)

Published on 15 May 2019

Updated on 23 Oct 2019

Background

Microsoft released a security patch to address a Remote Code Execution (RCE) vulnerability in its Remote Desktop Services (RDS). This vulnerability is rated critical and has a Common Vulnerability Scoring System (CVSS) score of 9.8.
An unauthenticated attacker could exploit this RCE flaw by sending a specially crafted request to systems running RDS via the Remote Desktop Protocol (RDP), tricking them into executing arbitrary code. This vulnerability is pre-authentication and requires no user interaction. The exploit code can also automatically replicate functional copies of itself and cause widespread damage.

Impact

Successful exploitation of this vulnerability could allow attackers to take control of the affected system and perform malicious activities, including modifying and installing programs; viewing, changing, or deleting data; or creating new accounts with full user rights.

Affected Operating Systems

  • Windows XP
  • Windows 7
  • Windows Server 2003
  • Windows Server 2008
  • Windows Server 2008 R2

Note: CVE-2019-0708 does not affect Microsoft’s latest operating systems – Windows 10, Windows 8, Windows Server 2019, Windows Server 2016, Windows Server 2012 R2 or Windows Server 2012.

Recommendations

Users and system administrators of affected products are advised to apply the security updates immediately.

As a good security practice, users are advised to disable RDS if they do not need it, as this reduces the attack surface.
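
One way to check a host against the two recommendations above, as an added example that is not part of the SingCERT advisory: the PowerShell below reports whether the local system is one of the affected Windows versions and whether Remote Desktop connections are currently allowed. The function names are hypothetical; the version-number mapping and the fDenyTSConnections registry value are standard Windows details that the advisory itself does not mention.

```powershell
# Added example (not from the advisory). Written for PowerShell 2.0 and later.
$TsKey     = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$PolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'

function Test-AffectedOS {
    param([string]$Version, [int]$ProductType)
    # Win32_OperatingSystem.Version is "major.minor.build"; keep major.minor.
    $majorMinor = ($Version -split '\.')[0..1] -join '.'
    switch ($majorMinor) {
        '5.1'   { return $true }                 # Windows XP
        '5.2'   { return $true }                 # Windows Server 2003 / XP x64
        '6.0'   { return ($ProductType -ne 1) }  # Server 2008 (ProductType 1 = workstation)
        '6.1'   { return $true }                 # Windows 7 / Windows Server 2008 R2
        default { return $false }
    }
}

function Get-DenyTSConnections {
    # A Group Policy value, when present, overrides the local setting.
    foreach ($key in @($PolicyKey, $TsKey)) {
        $p = Get-ItemProperty -Path $key -Name fDenyTSConnections -ErrorAction SilentlyContinue
        if ($p -ne $null) { return [int]$p.fDenyTSConnections }
    }
    return $null
}

function Get-RdsExposure {
    $os    = Get-WmiObject -Class Win32_OperatingSystem
    $deny  = Get-DenyTSConnections
    $svc   = Get-Service -Name TermService -ErrorAction SilentlyContinue
    $state = 'NotInstalled'
    if ($svc) { $state = $svc.Status }
    New-Object PSObject -Property @{
        Caption      = $os.Caption
        Version      = $os.Version
        AffectedOS   = Test-AffectedOS -Version $os.Version -ProductType $os.ProductType
        RdpAllowed   = ($deny -eq 0)   # 0 = connections allowed, 1 = refused
        ServiceState = $state
    }
}

function Disable-RemoteDesktop {
    # Run elevated. Refuses new RDP connections; it does not replace the security update.
    Set-ItemProperty -Path $TsKey -Name fDenyTSConnections -Value 1
}

Get-RdsExposure | Format-List
```

A host that reports AffectedOS and RdpAllowed both True is the one to patch first; Disable-RemoteDesktop has no effect where a Group Policy value forces the setting, which must then be changed in the policy itself.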

For more information, please refer to the following resources: