HKCert
  

Microsoft Windows Remote Desktop Services Remote Code Execution Vulnerability

Release Date: 15 / 05 / 2019
Last Update: 09 / 09 / 2019
Risk Level:  


A vulnerability was identified in Microsoft Windows. A remote attacker could exploit this vulnerability to trigger remote code execution on the targeted system, and may inject malware to further infect the computers in the same Local Area Network (LAN). Because the remote desktop service is bundled with Microsoft systems in general, a computer that is directly connected to the Internet could lead to a larger scale of computer infection that spreads across the Internet.

 

[Updated 18-May-2019]: We noticed that some proof-of-concept exploit software was being developed. It could potentially develop into a worm-like outbreak on the Internet. As such, the criticality level has been changed from Medium to High.

 

In addition, we observed websites claiming to provide (suspicious) patch software related to this vulnerability. We recommend that users obtain the patch software from the official software manufacturer website.

 

[Updated 19-Jun-2019]: Windows 2000, Windows Vista and Windows Server 2003 R2 have been determined to be affected operating systems.

 

[Updated 9-Sep-2019]: The exploit module from Metasploit is publicly available.

 

Impact:

  • Remote Code Execution

Affected systems:

  • Windows 2000
  • Windows Vista
  • Windows XP
  • Windows 7
  • Windows Server 2003
  • Windows Server 2003 R2
  • Windows Server 2008
  • Windows Server 2008 R2

Before installing the software, please visit the official software manufacturer website for more details.

To secure the Group Policy configuration of the remote desktop service, please refer to the following guideline:

https://www.hkcert.org/my_url/en/guideline/18120501