Jump to content
Come try out our new Arcade we just put up, new games added weekly. Link at the top of the website ×

UW-Madison Cybersecurity Announcement: Microsoft patch release for unsupported OS (CVE-2019-0708)


djMot

Recommended Posts


  • Member ID:  3189
  • Group:  *** Clan Members
  • Followers:  93
  • Topic Count:  355
  • Topics Per Day:  0.08
  • Content Count:  5230
  • Content Per Day:  1.18
  • Reputation:   11104
  • Achievement Points:  48729
  • Solved Content:  0
  • Days Won:  112
  • Joined:  02/11/12
  • Status:  Offline
  • Last Seen:  
  • Birthday:  12/24/1957
  • Device:  Windows

About the Event:

On May 14, 2019 Microsoft released security updates for a number of systems, including many which are typically unsupported.

 CVE-2019-0708 addresses a remote code execution vulnerability in Remote Desktop services. The vulnerability does not require user interaction and would allow attacks to spread from infected computer to computer similar to how the WannaCry ransomware attacks worked in 2017. A successful attack could allow programs to be installed, data to be viewed, changed or deleted or new accounts with full rights created.

 Security patches for the unsupported systems were released separately.

 Actions to Consider:

The following versions are affected: 

  • Windows 7 for 32-bit Systems
  • Windows 7 for x64-based Systems
  • Windows Server 2008 for 32-bit Systems
  • Windows Server 2008 for Itanium-Based Systems
  • Windows Server 2008 for x64-based Systems
  • Windows Server 2008 R2 for Itanium-Based Systems
  • Windows Server 2008 R2 for x64-based Systems
  • Windows XP SP3 x86
  • Windows XP Professional x64 Edition SP2
  • Windows XP Embedded SP3 x86
  • Windows Server 2003 SP2 x86
  • Windows Server 2003 x64 Edition SP2

 If you are running any of the above versions, Microsoft and Cybersecurity recommend updating immediately. 

 Event Impact:

Microsoft has not reported and Cybersecurity is not currently aware of any exploits in the wild at this time. Microsoft determined the risk of this threat to be great enough, however, to patch typically unsupported services as exploitation of the vulnerability could be severe. CVE-2019-0708 does not affect Microsoft’s most recent operating systems including Windows 10, Windows 8.1, Windows 8, Windows Server 2019, Windows Server 2016, Windows Server 2012 R2, or Windows Server 2012.

 References:

https://blogs.technet.microsoft.com/msrc/2019/05/14/prevent-a-worm-by-updating-remote-desktop-services-cve-2019-0708/

https://support.microsoft.com/en-ae/help/4500705/customer-guidance-for-cve-2019-0708

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708

https://krebsonsecurity.com/tag/cve-2019-0708/

 

Office of Cybersecurity
University of Wisconsin-Madison

Link to comment
Share on other sites



  • Member ID:  20987
  • Group:  +++ Insurgency Head Admin
  • Followers:  21
  • Topic Count:  190
  • Topics Per Day:  0.05
  • Content Count:  1794
  • Content Per Day:  0.49
  • Reputation:   1774
  • Achievement Points:  14303
  • Solved Content:  0
  • Days Won:  0
  • Joined:  03/21/14
  • Status:  Offline
  • Last Seen:  
  • Birthday:  01/09/1996
  • Device:  Windows

Cheers got mine updated yesterday!

They even did a security update for XP due to it , which is no longer supported which says alot about the update

Link to comment
Share on other sites


Guest
This topic is now closed to further replies.
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.