Remote Desktop Services Remote Code Execution Vulnerability

We have recently identified a cybersecurity threat that you should be aware of.

A remote code execution vulnerability has been identified in Windows XP through to Windows 7 and Windows 2003 through to Windows 2012. This vulnerability can be exploited by a remote, unauthenticated attacker and could allow for the execution of arbitrary code on the target system.

Microsoft has issued patches for all affected operating systems, including those that are end of life or end of support.

How does this affect my organisation?

In most cases, Remote Desktop Services (RDS) will be used within organisations but is not exposed to the internet. This will limit the exposure of most organisations but will not mitigate all potential attack vectors (such as internal threats). Customers are recommended to review their envrionment and apply the appropriate security patches in their next security patch cycle.

If you are a customer of AC3 Managed Services, AC3 will be in contact to organise an appropriate window to apply these patches.

For more information about this vulnerability please refer to the links at the end of this alert.

Threat rating and recommendation

Based on information available at the time of this notice, we have classified this threat as warning.

Customers are recommended to review their environment and apply the appropriate patches as soon as possible. If you have remote desktop services exposed to the internet it is recommended to apply the appropriate patches as soon as possible.

If possible, enabling Network Level Authentication will make exploitation of this vulnerability more difficult as an attacker must have a valid account.

Key

Advice – no urgent remediation action required

Warning – watch and act

Action Required – urgent remediation action required

More Information

More information about this security vulnerability is available at the links below.

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708

https://support.microsoft.com/en-us/help/4500705/customer-guidance-for-cve-2019-0708

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0708