Microsoft improves Windows security by releasing a patch — CVE-2019-0708 — for Remote Desktop Services. The vulnerability allowed people to run code on computers or servers without having logged in.
Flawed Remote Desktop Services security has been responsible for many cyber attacks and hacked computers and networks. Microsoft’s patch addresses just one vulnerability which used to allow people to send specifically made requests to connect to Remote Desktop in such a way that they would become able to run code on the remote system.
This vulnerability is pre-authentication and requires no user interaction. An attacker who successfully exploited this vulnerability could execute arbitrary code on the target system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.https://blogs.technet.microsoft.com/msrc/2019/05/14/prevent-a-worm-by-updating-remote-desktop-services-cve-2019-0708/
The patch applies to Windows Server 2008 and Windows 7 and was included in the latest update. The newer Windows versions, Windows 8 and 10, were not affected by this security bug because Microsoft takes security more seriously now than before. And this includes securing older Windows versions.
The older systems (Windows XP and Windows Server 2003) have the patch available (though they need it downloaded manually), despite Microsoft officially no longer supporting them (https://support.microsoft.com/en-gb/help/4500705/customer-guidance-for-cve-2019-0708). These old operating systems are still used by many businesses and organisations, and their vulnerabilities have helped the infamous WannaCry cripple some very big companies with its file-encrypting virus.
Now viruses like WannaCry will have a harder time infecting the updated Windows servers and computers. Criminals have long been exploiting Remote Desktop Protocol to install ransomware to exploit businesses and
To avoid infections by ransomware, spyware, and other malicious programs, it’s very important for people and
The problem with some
Despite all the security flaws, Remote Desktop is a very useful tool for both businesses and individuals. It enables people to work from home without having to trust those people to not accidentally leak important files. Any operating system, any computer can connect to a remote desktop, so users are not limited by their hardware. The people connecting can do whatever their account privileges allow them, including installing
The CVE-2019-0708 patch does not help people protect their systems from attackers that know the login credentials. Nor does it mean that the other ways of securing Remote Desktop connection are unnecessary. It’s still worth it to disable RDP when it’s not needed, enable additional authentication, and take other measures to protect your server/computer.
Source: naked security by Sophos