[Vulnerability Warning] Windows RDP Remote Code Execution High-Risk Vulnerability

2019-05-15 15:49:17
Dear user,

On May 15, 2019, the JD Cloud Security Team detected that Microsoft had officially released an emergency security patch fixing a remote code execution vulnerability (CVE-2019-0708) in Windows Remote Desktop Services. An attacker can use this vulnerability to directly obtain Windows server permissions.

[Vulnerability Description]

A remote code execution vulnerability exists in Remote Desktop Services (formerly known as Terminal Services) when an unauthenticated attacker connects to the target system using RDP and sends a specially crafted request. The vulnerability is pre-authentication and requires no user interaction. An attacker who successfully exploits it can execute arbitrary code on the target system, and can then install programs; view, modify or delete data; or create a new account with full user rights.

[Vulnerability Number and Rating]

CVE-2019-0708 Severe

[Affected Windows Versions]

  • Windows 7

  • Windows Server 2008 R2

  • Windows Server 2008

  • Windows 2003

  • Windows XP

[Security Recommendations]

Users of Windows 7, Windows 2008 R2 and Windows 2008 will automatically receive the pushed patch update and will be updated automatically. Please keep Windows Update enabled or update manually.

[Mitigation Measures]

1. If it is not needed, disable Remote Desktop Services.

2. Enable Network Level Authentication (NLA) on systems running supported versions of Windows 7, Windows Server 2008 and Windows Server 2008 R2.

Reference Configuration: https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc732713(v=ws.11)

3. Block TCP port 3389 in the Security Group.
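
To confirm on a host whether mitigations 1 and 2 are in place, the following read-only PowerShell audit can be run locally. It is an added example, not part of the original advisory; it assumes PowerShell 2.0 or later, and the function names and output fields are this example's own.

```powershell
# Read-only audit of the RDP settings named in the mitigation list.
# The registry paths are the standard Terminal Server locations;
# Get-RegValue and Get-RdpExposure are hypothetical helper names.
$ts     = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdpTcp = "$ts\WinStations\RDP-Tcp"
$policy = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'

function Get-RegValue($Path, $Name) {
    # Return $null when the key or value is absent instead of throwing.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($item) { $item.$Name } else { $null }
}

function Get-RdpExposure {
    # A Group Policy value, when present, overrides the local setting.
    $deny = Get-RegValue $policy 'fDenyTSConnections'
    if ($deny -eq $null) { $deny = Get-RegValue $ts 'fDenyTSConnections' }
    $nla = Get-RegValue $policy 'UserAuthentication'
    if ($nla -eq $null) { $nla = Get-RegValue $rdpTcp 'UserAuthentication' }

    $rdpEnabled  = ($deny -eq 0)   # 0 = remote connections allowed
    $nlaRequired = ($nla -eq 1)    # 1 = NLA required before a session is set up

    if (-not $rdpEnabled) {
        $finding = 'RDP disabled (mitigation 1 in place)'
    } elseif ($nlaRequired) {
        $finding = 'RDP enabled with NLA (mitigation 2 in place); patch is still required'
    } else {
        $finding = 'RDP enabled WITHOUT NLA: reachable before authentication'
    }

    New-Object PSObject -Property @{
        Computer    = $env:COMPUTERNAME
        RdpEnabled  = $rdpEnabled
        NlaRequired = $nlaRequired
        Port        = Get-RegValue $rdpTcp 'PortNumber'   # 3389 unless changed
        Finding     = $finding
    }
}

Get-RdpExposure | Select-Object Computer, RdpEnabled, NlaRequired, Port, Finding

# To apply the mitigations instead of auditing (elevated prompt required):
# Set-ItemProperty -Path $ts     -Name fDenyTSConnections -Value 1   # mitigation 1
# Set-ItemProperty -Path $rdpTcp -Name UserAuthentication -Value 1   # mitigation 2
```

The reported port is the one to block in the Security Group if the host does not use the default 3389.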

[Official Reference Link]


JD Cloud team

2019-05-15 15:49:17