On May 15, 2019, Microsoft released security updates to address a remote code execution vulnerability (CVE-2019-0708) in Remote Desktop Services. This vulnerability affects some earlier Windows versions.
Exploiting this vulnerability does not require user authentication. An unauthenticated attacker can connect to the target server over RDP port 3389 and send specially crafted requests. This allows the attacker to execute arbitrary commands on the target server or spread worms to infect other servers in the internal network.
On May 22, 2019, Cloud Firewall released a virtual patch to address this vulnerability. We recommend that you enable this virtual patch (enabled by default when the Cloud Firewall service is activated) and traffic control mode for protection.
- Windows 7
- Windows Server 2008 R2
- Windows Server 2008
- Windows 2003
- Windows XP
Policy: command execution
Risk level: high
Policy-based protection: A virtual patch is available in the Cloud Firewall console to address this vulnerability.
- We recommend that users of Windows 7, Windows Server 2008, and Windows Server 2008 R2 install the Windows security patch.
- We recommend that users of Windows 2003 and Windows XP update the system or install the Windows security patch.
- Log on to the Cloud Firewall console, choose Intrusion prevention policies, and enable the virtual patch feature.
- In the Cloud Firewall console, create an access control policy that allows only trusted sources or denies all requests from regions except the trusted regions.
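The following is an added example, not taken from the Cloud Firewall documentation, that audits an exported rule list for the last recommendation: it reports allow rules that open RDP port 3389 to sources outside a trusted range. The rule dictionary format, the rule names, the first-match evaluation order and the address ranges are assumptions made for illustration; region-based rules are not modelled.

```python
import ipaddress

RDP_PORT = 3389  # RDP port named in the advisory

def covers_rdp(rule):
    """True if the rule's protocol and 'low/high' port range include TCP 3389."""
    low, high = (int(p) for p in rule["ports"].split("/"))
    return rule["proto"] in ("TCP", "ANY") and low <= RDP_PORT <= high

def within(net, others):
    """True if net lies entirely inside any network in others (same IP version)."""
    return any(net.version == o.version and net.subnet_of(o) for o in others)

def untrusted_rdp_allows(rules, trusted):
    """Names of allow rules that open 3389 to sources outside the trusted ranges.

    Assumption: rules are evaluated in list order and the first match wins, so
    an allow rule fully covered by an earlier deny rule is not reported.
    """
    trusted_nets = [ipaddress.ip_network(t) for t in trusted]
    denied, findings = [], []
    for rule in rules:
        if not covers_rdp(rule):
            continue
        src = ipaddress.ip_network(rule["source"])
        if rule["action"] == "deny":
            denied.append(src)
        elif not within(src, denied) and not within(src, trusted_nets):
            findings.append(rule["name"])
    return findings

def r(name, action, proto, source, ports):
    """Build one rule in the hypothetical export format used here."""
    return dict(name=name, action=action, proto=proto, source=source, ports=ports)

# Constructed sample policy (documentation address ranges, hypothetical names).
SAMPLE_RULES = [
    r("admin-vpn-rdp", "allow", "TCP", "203.0.113.0/28", "3389/3389"),
    r("legacy-any-rdp", "allow", "TCP", "0.0.0.0/0", "3389/3389"),
    r("web-https", "allow", "TCP", "0.0.0.0/0", "443/443"),
    r("partner-range", "allow", "TCP", "198.51.100.0/24", "3000/4000"),
    r("deny-rest", "deny", "ANY", "0.0.0.0/0", "1/65535"),
    r("late-allow", "allow", "TCP", "192.0.2.0/24", "3389/3389"),
]
TRUSTED = ["203.0.113.0/28"]

if __name__ == "__main__":
    for name in untrusted_rdp_allows(SAMPLE_RULES, TRUSTED):
        print("RDP exposed to untrusted source by rule:", name)
```

The wide port range in `partner-range` is reported because it silently includes 3389, while `late-allow` is not reported because the earlier deny rule already blocks its source.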