Critical Update: Windows Remote Desktop Services Vulnerability
Earlier today Microsoft released several security updates as part of its regular monthly updates known as Patch Tuesday. One of the issues that was patched in today's update, CVE-2019-0708, is critical, and all Windows users should apply the patches immediately, regardless of whether or not they are running the vulnerable operating system. Large organizations following 15/30/60-day patch cycles should consider making an exception and applying the patches as soon as possible, especially if running one of the vulnerable operating systems.
What is the issue?
CVE-2019-0708 is a remote code execution vulnerability in Microsoft Windows Remote Desktop Services that affects several older versions of the Windows operating system.
What makes this vulnerability unique, and alarming, is that an attacker attempting to exploit it does not have to be authenticated to the target machine and needs no interaction from the target user for the machine to be compromised. In other words, this can and most likely will be exploited by malware authors to spread payloads rapidly, from unpatched system to unpatched system. No in-the-wild exploitation has been detected yet, but this is the type of vulnerability that could lead to another attack like WannaCry, which caused massive disruptions in organizations around the world in May 2017.
What systems are impacted?
Windows XP, Windows 2003, Windows 7, Windows Server 2008 R2, and Windows Server 2008 operating systems are vulnerable.
Windows 8 and Windows 10 operating systems are NOT vulnerable.
What can you do to protect yourself?
Microsoft has been proactive in releasing security updates for the unsupported operating systems, given the critical nature of this vulnerability. Apply the security updates released by Microsoft immediately from the following locations:
For supported operating systems:
For unsupported end-of-life operating systems [Windows XP and 2003]:
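To turn the two lists above (which operating systems are affected, and that the fix is to apply Microsoft's updates) into something an administrator can run, here is a triage script. It is an added example, not code from Zscaler or from Microsoft: it queries each host over WMI, classifies its OS version against the affected and unaffected lists in this advisory, reports whether the Remote Desktop Services service (TermService) is running and whether the RDP listener is reachable on its default port 3389 (a standard default, not stated in the post), and lists which patch KB IDs are missing. The KB identifiers are a placeholder parameter because the post does not name them; fill them in from Microsoft's advisory for CVE-2019-0708. It assumes Windows PowerShell run with administrative rights and WMI/RPC access to the targets.

```powershell
# Added example (not from the Zscaler post): CVE-2019-0708 exposure triage.
# For each host: OS classification per the advisory's lists, RDS service state,
# RDP port reachability, and missing patch KBs.
# Assumptions: Windows PowerShell, admin rights, WMI/RPC reachable on targets.
param(
    [string[]]$ComputerName = @('localhost'),
    # PLACEHOLDER: replace with the KB IDs from Microsoft's CVE-2019-0708 advisory.
    [string[]]$PatchKBs = @('KB-PLACEHOLDER'),
    [int]$RdpPort = 3389            # default RDP listener port (assumption, not from the post)
)

function Get-Cve20190708OsStatus {
    # Map OS version (major.minor) and product type onto the advisory's lists.
    # ProductType: 1 = workstation, 2 = domain controller, 3 = server.
    param([string]$Version, [int]$ProductType)
    $mm = (($Version -split '\.')[0..1]) -join '.'
    switch ($mm) {
        '5.1'  { 'Vulnerable (Windows XP)' }
        '5.2'  { if ($ProductType -eq 1) { 'Vulnerable (Windows XP x64)' } else { 'Vulnerable (Windows Server 2003)' } }
        '6.0'  { if ($ProductType -eq 1) { 'Not listed in advisory (Windows Vista); review manually' } else { 'Vulnerable (Windows Server 2008)' } }
        '6.1'  { if ($ProductType -eq 1) { 'Vulnerable (Windows 7)' } else { 'Vulnerable (Windows Server 2008 R2)' } }
        '6.2'  { 'Not vulnerable (Windows 8 family)' }
        '6.3'  { 'Not vulnerable (Windows 8 family)' }
        '10.0' { 'Not vulnerable (Windows 10)' }
        default { "Unknown version $Version; review manually" }
    }
}

function Test-TcpPort {
    # Plain TCP connect with a timeout; true if something accepts on the port.
    param([string]$Target, [int]$Port, [int]$TimeoutMs = 2000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($Target, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return $false }
        $client.EndConnect($async)
        return $true
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}

$results = foreach ($c in $ComputerName) {
    try {
        $os  = Get-WmiObject -Class Win32_OperatingSystem -ComputerName $c -ErrorAction Stop
        $svc = Get-WmiObject -Class Win32_Service -Filter "Name='TermService'" -ComputerName $c -ErrorAction Stop
        $installed = Get-WmiObject -Class Win32_QuickFixEngineering -ComputerName $c -ErrorAction Stop |
                     Select-Object -ExpandProperty HotFixID
        $missing = $PatchKBs | Where-Object { $installed -notcontains $_ }
        New-Object PSObject -Property @{
            Computer     = $c
            OS           = $os.Caption
            Status       = Get-Cve20190708OsStatus -Version $os.Version -ProductType ([int]$os.ProductType)
            RdsRunning   = (($null -ne $svc) -and ($svc.State -eq 'Running'))
            RdpReachable = Test-TcpPort -Target $c -Port $RdpPort
            MissingPatch = ($missing -join ',')
        }
    } catch {
        # Query failure (offline host, no WMI access, firewall) is reported, not hidden.
        New-Object PSObject -Property @{
            Computer = $c; OS = 'query failed'; Status = $_.Exception.Message
            RdsRunning = $null; RdpReachable = $null; MissingPatch = $null
        }
    }
}

$results | Select-Object Computer, OS, Status, RdsRunning, RdpReachable, MissingPatch | Format-Table -AutoSize
```

Run it as `.\Check-Cve20190708.ps1 -ComputerName srv01,srv02 -PatchKBs KB...` with the real KB IDs substituted. Hosts whose Status begins with "Vulnerable", have RdsRunning true or RdpReachable true, and show a non-empty MissingPatch column are the ones to patch first, since those are the machines an unauthenticated, user-interaction-free exploit could reach. Get-WmiObject rather than Get-CimInstance is used deliberately so the queries also work against the Windows XP and 2003 hosts the advisory covers, which only offer PowerShell 2.0 and DCOM-based WMI.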
Zscaler Cloud Sandbox provides proactive coverage against worm payloads and advanced threats like ransomware, and the Zscaler ThreatLabZ team is actively monitoring for in-the-wild exploit attempts to ensure coverage.