Do not contempt “CVE-2019-0708” (Remote Desktop Services Remote Code Execution) Vulnerability – 14th May 2019

Preface: Heard that Microsoft is trying to head off another WannaCry-style malware outbreak before it starts.

Technical background: Remote Desktop Protocol is based on, and is an extension of, the T-120 family of protocol standards.

Vulnerability details: A vulnerability in the Remote Desktop Services component of Microsoft Windows could allow an unauthenticated, remote attacker to execute arbitrary code on a targeted system.

Current status: The POC details open to cyber world. The source code let people know the design weakness of RDP. For instance, the buffer of TPKT (ver 3,5,8) , ITU-T Rec X.224 & MULTIPOINT-COMMUNICATION-SERVICE T.125. The overall feedback in commercial IT world is that they are not vulnerable because they do not have Win 2008, Win 7 and XP. It is right. But the attack vector is not a commercial area, and its targets are medical systems, SCAD control, power facilities and the oil industry. So this let Microsoft headache this time.

Remediation via following link:

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708

https://support.microsoft.com/en-us/help/4500705/customer-guidance-for-cve-2019-0708