Skip to main content

Microsoft Windows Remote Desktop Services Remote Code Execution Vulnerability

Last Update Date: 9 Sep 2019 Release Date: 15 May 2019 8380 Views

RISK: High Risk

TYPE: Operating Systems - Windows OS

TYPE: Windows OS

A vulnerability was identified in Microsoft Windows, a remote attacker could exploit this vulnerability to trigger remote code execution on the targeted system, and may inject malware to further infect the computers in the same Local Area Network (LAN). As remote desktop service is bundled in general Microsoft system, if the computer is directly connected to the Internet, there is a chance to lead to a larger scale of computer infection and spread out in the Internet.

 

[Updated 18-May-2019]: We noticed some Proof-of-Concept exploit software was being developed. It potentially might develop into a worm-like outbreak in the Internet. As such, the criticality level is changed from Medium to High.

 

Besides, we observed websites claiming to provide (suspicious) patch software related to this vulnerability. We recommend users to go to the official software manufacturer website for the patch software.

 

[Updated 19-Jun-2019]: Windows 2000, Windows Vista and Windows Server 2003 R2 are determined as affected OS.

 

[Updated 9-Sep-2019]: The exploit module from Metasploit is publicly available.

 


Impact

  • Remote Code Execution

System / Technologies affected

  • Windows 2000
  • Windows Vista
  • Windows XP
  • Windows 7
  • Windows Server 2003
  • Windows Server 2003 R2
  • Windows Server 2008
  • Windows Server 2008 R2

Solutions

Before installation of the software, please visit the official software manufacturer web-site for more details.

For securing the group policy configuration of remote desktop service, please refer to the following guideline:

/my_url/en/guideline/18120501


Vulnerability Identifier


Source


Related Link