Critical RDP Vulnerability

Microsoft has released software updates to address a total of 79 CVE-listed vulnerabilities in its Windows operating systems and other products, including a wormable flaw that can propagate malware from computer to computer without requiring users’ interaction. The wormable vulnerability is being tracked as CVE-2019-0708 and resides in Remote Desktop Services – formerly known as Terminal Services – that could be exploited remotely by sending specifically crafted requests over RDP protocol to a targeted system.

“This vulnerability is pre-authenticated and requires no user interaction. An attacker who successfully exploited this vulnerability could execute arbitrary code on the target system,” Microsoft stated in their advisory. Microsoft also stated, “While we have observed no exploitation of this vulnerability, it is highly likely that malicious actors will write an exploit for this vulnerability and incorporate it into their malware.”

Surprisingly, besides releasing patches for supported systems, including Windows 7, Windows Server 2008 R2, and Windows Server 2008, Microsoft has also separately released fixes for out-of-support versions of Windows including Windows 2003 and Windows XP to address this critical issue.

As a workaround, Microsoft has advised Windows Server users to block TCP port 3389 and enable Network Level Authentication to prevent any unauthenticated attacker from exploiting this wormable flaw.