On May 15, 2019, the emergency response center of Alibaba Cloud Security detected that Microsoft released a security patch to fix the remote code execution vulnerability (CVE-2019-0708) of Windows Remote Desktop Services (RDS). Attackers can exploit this vulnerability to obtain Windows server privileges.
Description
Microsoft released a security patch to fix the remote code execution vulnerability (CVE-2019-0708) of Windows RDS. This vulnerability affects some earlier Windows versions. User authentication is not required: an unauthenticated attacker may connect to the target server over RDP port 3389 and send specially crafted requests. This allows the attacker to execute arbitrary commands on the target server or to spread worms that infect internal servers. This vulnerability is similar to the one used to launch ransomware attacks, such as WannaCry in 2017.
Severity level
CVE-2019-0708: Critical
Affected versions
Windows 7
Windows Server 2008 R2
Windows Server 2008
Windows Server 2003
Windows XP
Vulnerability fix
- Log on to the Security Center console, choose in the left-side navigation pane, click the Windows System tab, and click Fix to fix the vulnerability.
- Use the vulnerability patch released on the Microsoft website to fix the vulnerability.
- We recommend that users of Windows 7, Windows Server 2008, and Windows Server 2008 R2 install the Windows security patch.
- We recommend that users of Windows Server 2003 and Windows XP update the system or install the Windows security patch.
Vulnerability prevention
You can use security groups and the access control feature of Cloud Firewall to protect against this RDP vulnerability.
- If you did not purchase the Cloud Firewall service, you can use the security group feature to temporarily deny inbound traffic to RDP ports to defend against the vulnerability.
The following figure shows detailed security group configurations.
- If you have purchased the Cloud Firewall service, you can use Cloud Firewall north-south access control policies to control RDP access and defend against the vulnerability.
- Set Policy Action to Allow to allow RDP port access to inbound traffic from trusted sources.
The following figure shows detailed configurations.
- Set Policy Action to Deny to deny RDP port access to inbound traffic from untrusted sources.
The following figure shows detailed configurations.
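The allow-trusted and deny-untrusted policy described above only works if the rules are evaluated in the intended order. The following added example (not Alibaba Cloud code) checks a rule set against probe addresses before it is applied. The rule field names, the first-match evaluation by ascending priority, the default-deny fallback, and the sample addresses are all assumptions made for illustration, not the Security Center or Cloud Firewall export format.

```python
import ipaddress

RDP_PORT = 3389

# Constructed sample policy in a hypothetical, simplified layout.
# Assumption: the rule with the lowest "priority" number is evaluated first.
SAMPLE_RULES = [
    {"priority": 1, "action": "allow", "protocol": "tcp",
     "ports": "3389/3389", "source": "203.0.113.0/28"},   # trusted admin range
    {"priority": 2, "action": "deny", "protocol": "tcp",
     "ports": "3389/3389", "source": "0.0.0.0/0"},        # everyone else
    {"priority": 10, "action": "allow", "protocol": "tcp",
     "ports": "1/65535", "source": "0.0.0.0/0"},          # broad legacy rule
]

def matches_rdp(rule, src_ip):
    """True if an inbound rule applies to TCP 3389 traffic from src_ip."""
    if rule["protocol"] not in ("tcp", "all"):
        return False
    low, high = (int(p) for p in rule["ports"].split("/"))
    if not low <= RDP_PORT <= high:
        return False
    return ipaddress.ip_address(src_ip) in ipaddress.ip_network(rule["source"])

def rdp_decision(rules, src_ip, default="deny"):
    """First matching rule in priority order decides; no match uses default."""
    for rule in sorted(rules, key=lambda r: r["priority"]):
        if matches_rdp(rule, src_ip):
            return rule["action"]
    return default

def audit_rdp_policy(rules, trusted_cidrs, probes):
    """Return (probe, decision) pairs that contradict the intended policy:
    trusted sources allowed, every other source denied."""
    trusted = [ipaddress.ip_network(c) for c in trusted_cidrs]
    problems = []
    for probe in probes:
        addr = ipaddress.ip_address(probe)
        expected = "allow" if any(addr in net for net in trusted) else "deny"
        actual = rdp_decision(rules, probe)
        if actual != expected:
            problems.append((probe, actual))
    return problems
```

An empty result from `audit_rdp_policy` means every probe was handled as intended; a non-empty result names the source addresses for which a broader rule is evaluated ahead of the RDP deny or allow rule.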