Windows remote Desktop Services vulnerability warning notice 02/23 Update SLTechnology News&Howtos

Windows remote Desktop Services vulnerability warning notice

2025-02-23 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Servers >

Shulou(Shulou.com)06/02 Report--

On May 14, 2019, Microsoft released a list of May patch updates that included a RDP (remote Desktop Service) remote code execution vulnerability marked as serious, which could be exploited by an attacker to send specially constructed malicious data to execute malicious code on the target system without user authentication, thereby gaining full control of the machine.

This vulnerability mainly affects devices such as Windows 7, Window Server 2008 and Windows 2003 and Window XP operating systems that Microsoft no longer supports. The system involved is still used by a large number of users in China, so the impact of this vulnerability is huge. Because the vulnerability does not require user interaction, it means that the vulnerability is very likely to be exploited by worms, which may eventually lead to the flooding of WannCry worms.

Vulnerability summary:

Vulnerability name: Microsoft Windows Remote Desktop Services remote code execution vulnerability

Threat type: remote code execution

Threat level: severe

Vulnerability ID:CVE-2019-0708

Affected system version:

Windows 7 for 32-bit Systems Service Pack 1

Windows 7 for x64-based Systems Service Pack 1

Windows Server 2008 for 32-bit Systems Service Pack 2

Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)

Windows Server 2008 for Itanium-Based Systems Service Pack 2

Windows Server 2008 for x64-based Systems Service Pack 2

Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)

Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1

Windows Server 2008 R2 for x64-based Systems Service Pack 1

Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)

For users using CVM, 56 Cloud recommends to refer to the following protection solutions:

1. Install the patch in time. Restart is required to take effect after installation. The official download link for Microsoft is as follows:

Windows 2008 R2:

Https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708

Windows 2003:

Https://support.microsoft.com/zh-cn/help/4500705/customer-guidance-for-cve-2019-0708

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.

*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.