Jump to content
djMot

UW-Madison Cybersecurity Announcement: Microsoft patch release for unsupported OS (CVE-2019-0708)

Recommended Posts

About the Event:

On May 14, 2019 Microsoft released security updates for a number of systems, including many which are typically unsupported.

 CVE-2019-0708 addresses a remote code execution vulnerability in Remote Desktop services. The vulnerability does not require user interaction and would allow attacks to spread from infected computer to computer similar to how the WannaCry ransomware attacks worked in 2017. A successful attack could allow programs to be installed, data to be viewed, changed or deleted or new accounts with full rights created.

 Security patches for the unsupported systems were released separately.

 Actions to Consider:

The following versions are affected: 

  • Windows 7 for 32-bit Systems
  • Windows 7 for x64-based Systems
  • Windows Server 2008 for 32-bit Systems
  • Windows Server 2008 for Itanium-Based Systems
  • Windows Server 2008 for x64-based Systems
  • Windows Server 2008 R2 for Itanium-Based Systems
  • Windows Server 2008 R2 for x64-based Systems
  • Windows XP SP3 x86
  • Windows XP Professional x64 Edition SP2
  • Windows XP Embedded SP3 x86
  • Windows Server 2003 SP2 x86
  • Windows Server 2003 x64 Edition SP2

 If you are running any of the above versions, Microsoft and Cybersecurity recommend updating immediately. 

 Event Impact:

Microsoft has not reported and Cybersecurity is not currently aware of any exploits in the wild at this time. Microsoft determined the risk of this threat to be great enough, however, to patch typically unsupported services as exploitation of the vulnerability could be severe. CVE-2019-0708 does not affect Microsoft’s most recent operating systems including Windows 10, Windows 8.1, Windows 8, Windows Server 2019, Windows Server 2016, Windows Server 2012 R2, or Windows Server 2012.

 References:

https://blogs.technet.microsoft.com/msrc/2019/05/14/prevent-a-worm-by-updating-remote-desktop-services-cve-2019-0708/

https://support.microsoft.com/en-ae/help/4500705/customer-guidance-for-cve-2019-0708

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708

https://krebsonsecurity.com/tag/cve-2019-0708/

 

Office of Cybersecurity
University of Wisconsin-Madison

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...

×
×
  • Create New...