Shulou(Shulou.com)05/31 Report--

This article introduces you how to understand CVE-2019-0708 vulnerability early warning, the content is very detailed, interested friends can refer to, hope to be helpful to you.

On May 14th, Microsoft urgently released a fix for pudding and RDP service vulnerabilities. This vulnerability is said to be comparable to WannaCry.

The global malware epidemic WannaCry affected about 200000 Windows systems in 150 countries in May 2017.

Why is this vulnerability comparable to WannCry? Next, let's take a look at it.

01 vulnerability description

On May 14th, Microsoft released a fix for a key remote execution code vulnerability, CVE-2019-0708, for remote Desktop Services (formerly known as Terminal Services) that affected some older versions of Windows.

The remote Desktop Protocol (RDP) itself is not vulnerable. This vulnerability is pre-authentication and does not require user interaction. "in other words, the vulnerability is' suspicious', which means that any future malware that exploits this vulnerability could spread from vulnerable computers to vulnerable computers in the same way that WannaCry malware spread around the world in 2017. Affected systems are important to fix as soon as possible to prevent this from happening."

02 scope of influence

Vulnerable support systems include:

Windows 7

Windows Server 2008 R2

Windows Server 2008.

Windows 2003

Windows XP

Note: customers running Windows 8 and Windows 10 are not affected by this vulnerability.

03 repair recommendations

1. Install updates in time

For users of Windows 7 and Windows Server 2008, install security updates released by Windows in a timely manner.

(https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708)

2. Upgrade to the latest version

For Windows 2003 and Windows XP users, please update to the latest system version in time. Microsoft provides fixes for these unsupported versions of Windows in KB4500705.

(https://support.microsoft.com/zh-cn/help/4500705/customer-guidance-for-cve-2019-0708)

3. Enable network authentication (NLA)

Because the authentication required by NLA is before the vulnerability trigger point, the affected system can take advantage of NLA to defend against "worm" malware or advanced malware threats for this vulnerability. However, if the attacker has valid credentials that can be used for successful authentication, the affected system is still vulnerable to remote code execution (RCE) attacks.

On how to understand CVE-2019-0708 vulnerability warning to share here, I hope that the above content can be of some help to you, can learn more knowledge. If you think the article is good, you can share it for more people to see.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.