Microsoft Windows Remote Desktop Services Remote Code Execution Vulnerability
RISK: High Risk
TYPE: Operating Systems - Windows OS
A vulnerability was identified in Microsoft Windows. A remote attacker could exploit this vulnerability to trigger remote code execution on the targeted system, and may inject malware to further infect computers in the same Local Area Network (LAN). As Remote Desktop Services is bundled with Microsoft Windows systems in general, a computer that is directly connected to the Internet could lead to a larger scale of infection that spreads across the Internet.
[Updated 18-May-2019]: We noticed that some Proof-of-Concept exploit software was being developed. It could potentially develop into a worm-like outbreak on the Internet. As such, the criticality level is changed from Medium to High.
In addition, we observed websites claiming to provide (suspicious) patch software related to this vulnerability. We recommend that users obtain the patch software from the official software manufacturer's website.
[Updated 19-Jun-2019]: Windows 2000, Windows Vista and Windows Server 2003 R2 are determined to be affected OSes.
[Updated 9-Sep-2019]: The exploit module from Metasploit is publicly available.
- Remote Code Execution
System / Technologies affected
- Windows 2000
- Windows Vista
- Windows XP
- Windows 7
- Windows Server 2003
- Windows Server 2003 R2
- Windows Server 2008
- Windows Server 2008 R2
Before installation of the software, please visit the official software manufacturer web-site for more details.
- Apply fixes issued by the vendor:
Windows 7, Windows Server 2008 R2 and Windows Server 2008
Windows Vista, Windows XP, Windows 2003 R2 and Windows Server 2003
- The workaround for Windows 2000 users:
- Upgrade end-of-life OS
- Use the unpatched system in an isolated environment
- Turn off Remote Desktop Services (RDS)
For securing the group policy configuration of remote desktop service, please refer to the following guideline: