
CVE-2019-0708 Critical Security Advice from edgescan

Windows CVE-2019-0708?

This blog explains CVE-2019-0708, how to identify if you are vulnerable and highlights how this type of threat was identified in the edgescan 2019 Vulnerability Stats Report.

 

What is it?

A remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an unauthenticated attacker connects to the target system using RDP (Remote Desktop Protocol) and sends specially crafted requests. This vulnerability is pre-authentication and requires no user interaction. An attacker who successfully exploited this vulnerability could execute arbitrary code on the target system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

To exploit this vulnerability, an attacker would need to send a specially crafted request to the target system's Remote Desktop Service via RDP.

 

Should I be worried?

You may be vulnerable if you have unpatched Windows machines with RDP exposed. See below for more information on how to check if machines are unpatched and how to update them if needed.

 

What do I need to do?

Currently, there is no safe PoC for testing assets. However, you should perform the following checks to see if your machines are vulnerable.

 

  • For Windows 7 machines, check whether the file version of c:\windows\system32\Ntdll.dll is lower than 6.1.7601.24441 – if it is, you may be vulnerable

  • For Windows 2008 machines, check whether the file version of c:\windows\system32\Ntoskrnl.exe is lower than 6.0.6003.20512 – if it is, you may be vulnerable
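
The two file-version checks above can be scripted. The following PowerShell is an added example, not edgescan's or Microsoft's code; it assumes OS version 6.1 maps to the Windows 7 check and 6.0 to the Windows 2008 check, and it reports only the local Remote Desktop setting, not whether port 3389 is reachable from outside.

```powershell
# Added example. Thresholds are the two file versions quoted in this post.
# Assumption: OS version 6.1 selects the Windows 7 check, 6.0 the Windows 2008 check.
$Checks = @{
    '6.1' = @{ Name = 'Windows 7';    File = 'Ntdll.dll';    Threshold = [version]'6.1.7601.24441' }
    '6.0' = @{ Name = 'Windows 2008'; File = 'Ntoskrnl.exe'; Threshold = [version]'6.0.6003.20512' }
}

function Get-FileVersion([string]$Path) {
    # Build the version from its numeric parts: the FileVersion string can
    # carry a build-lab suffix that a plain [version] cast rejects.
    $vi = (Get-Item -LiteralPath $Path -ErrorAction Stop).VersionInfo
    New-Object System.Version($vi.FileMajorPart, $vi.FileMinorPart, $vi.FileBuildPart, $vi.FilePrivatePart)
}

function Test-RdpFileVersion {
    $os  = [System.Environment]::OSVersion.Version
    $key = '{0}.{1}' -f $os.Major, $os.Minor
    if (-not $Checks.ContainsKey($key)) {
        Write-Warning "OS version $os is not covered by the two checks in this post."
        return
    }
    $check = $Checks[$key]
    $path  = Join-Path $env:SystemRoot (Join-Path 'System32' $check.File)
    $found = Get-FileVersion $path

    # fDenyTSConnections = 0 means Remote Desktop connections are enabled locally.
    $ts = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server' -ErrorAction SilentlyContinue
    $rdpEnabled = ($ts -ne $null) -and ($ts.fDenyTSConnections -eq 0)

    New-Object PSObject -Property @{
        Computer       = $env:COMPUTERNAME
        Check          = $check.Name
        File           = $path
        FileVersion    = $found
        Threshold      = $check.Threshold
        BelowThreshold = ($found -lt $check.Threshold)   # true: may be vulnerable per the post
        RdpEnabled     = $rdpEnabled
    }
}

Test-RdpFileVersion | Format-List
```

A machine that reports both BelowThreshold and RdpEnabled as True is the combination this post warns about and should be patched first.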

 

You should also check your patching as per the guidance for Windows 7 and Windows 2008:
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708

and here for Windows XP and Windows Server 2003:
https://support.microsoft.com/en-ie/help/4500705/customer-guidance-for-cve-2019-0708

 

Threats such as these were identified in the edgescan 2019 Vulnerability Stats Report where it was reported that 3.05% of assets have RDP Port 3389 exposed (based on a sample of over 250,000).  While this vulnerability is not actively being exploited, without patching, the threat still exists.

 

 

Take this opportunity to download the edgescan 2019 Vulnerability Stats Report and the Verizon 2019 Data Breach Investigations Report.

 

edgescan Team

Posted May 17, 2019 in Blog, General, News

Theo

theo.g@edgescan.com

Marketing Executive of Edgescan
