On May 15, 2019, Microsoft released security updates to address a remote code execution vulnerability (CVE-2019-0708) in Remote Desktop Services. The vulnerability affects some earlier Windows versions.

Exploiting this vulnerability does not require user authentication. An unauthenticated attacker can connect to the target server over RDP port 3389 and send specially crafted requests. This allows the attacker to execute arbitrary commands on the target server or spread worms to infect other servers in the internal network.

On May 22, 2019, Cloud Firewall released a virtual patch to address this vulnerability. We recommend that you enable this virtual patch (enabled by default when the Cloud Firewall service is activated) and the traffic control mode for protection.

Impacted versions:
  • Windows 7
  • Windows Server 2008 R2
  • Windows Server 2008
  • Windows 2003
  • Windows XP

Policy: command execution

Risk level: high

Policy-based protection: A virtual patch is available in the Cloud Firewall console to address this vulnerability.

Security tips

  1. We recommend that users of Windows 7, Windows Server 2008, and Windows Server 2008 R2 install the Windows security patch.
  2. We recommend that users of Windows 2003 and Windows XP update the system or install the Windows security patch.
  3. Log on to the Cloud Firewall console. Choose Security Policies > Intrusion Prevention, and enable the Intrusion prevention policies feature.
  4. In the Cloud Firewall console, choose Security Policies > Access Control > Internet Firewall > Inbound Policies. Create an access control policy that allows only trusted sources or denies all requests from regions except the trusted regions.
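
A check for the policy described in step 4, as an added example that is not part of the original advisory or Cloud Firewall's own tooling: it walks an inbound rule list and reports allow rules that leave RDP port 3389 reachable from sources outside the trusted ranges. The rule format, the sample rules, the CIDR ranges, and the top-down first-match evaluation order are constructed assumptions, not a Cloud Firewall export format.

```python
import ipaddress

RDP_PORT = 3389

# Constructed sample policy in a hypothetical format (not a Cloud Firewall export).
# Assumption: rules are matched top-down and the first matching rule decides.
SAMPLE_RULES = [
    {"action": "allow", "source": "203.0.113.0/24", "ports": (3389, 3389)},
    {"action": "allow", "source": "0.0.0.0/0", "ports": (443, 443)},
    {"action": "allow", "source": "0.0.0.0/0", "ports": (3000, 4000)},  # range hides 3389
    {"action": "deny", "source": "0.0.0.0/0", "ports": (1, 65535)},
]

# Same policy with an explicit RDP deny placed ahead of the broad port range.
HARDENED_RULES = [
    SAMPLE_RULES[0],
    {"action": "deny", "source": "0.0.0.0/0", "ports": (3389, 3389)},
    *SAMPLE_RULES[1:],
]


def within(inner, outer):
    """True if network `inner` lies entirely inside network `outer`."""
    return inner.version == outer.version and inner.subnet_of(outer)


def rdp_exposures(rules, trusted_cidrs):
    """Return (rule index, source) for allow rules that expose 3389 to untrusted sources."""
    trusted = [ipaddress.ip_network(c) for c in trusted_cidrs]
    earlier_denies = []  # sources already denied on 3389 by a higher-priority rule
    findings = []
    for index, rule in enumerate(rules):
        low, high = rule["ports"]
        if not low <= RDP_PORT <= high:
            continue  # rule does not cover the RDP port
        source = ipaddress.ip_network(rule["source"])
        if rule["action"] == "deny":
            earlier_denies.append(source)
        elif any(within(source, d) for d in earlier_denies):
            continue  # fully shadowed by an earlier deny, never takes effect for 3389
        elif not any(within(source, t) for t in trusted):
            findings.append((index, rule["source"]))
    return findings


if __name__ == "__main__":
    for name, rules in (("sample", SAMPLE_RULES), ("hardened", HARDENED_RULES)):
        print(name, rdp_exposures(rules, ["203.0.113.0/24"]))
```

The sample policy is flagged because a broad port range silently includes 3389; the hardened variant returns no findings because the explicit deny is matched first.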