On May 14th, Microsoft released a security update for a critical vulnerability in Microsoft Remote Desktop Services. The vulnerability is being tracked as CVE-2019-0708. If exploited, a remote and unauthenticated attacker can execute arbitrary code by sending crafted requests. User interaction is not required for successful exploitation.
Exploitation of CVE-2019-0708 has not been noted by Microsoft at this time. Due to the prevalence of RDP and the nature of this vulnerability, eSentire recommends customers take immediate action to address this vulnerability if impacted.
What we’re doing about it
- New MVS (formally esRECON) local Windows plugins identify this vulnerability
- The Threat Intelligence team is monitoring this topic for additional information
What you should do about it
- After performing a business impact review, apply the official Microsoft security updates to affected systems  
- If RDP is not actively required, consider disabling the service or limiting access
CVE-2019-0708 can be exploited by attackers via specially crafted requests sent to through RDP to target systems. Technical details on this vulnerability are limited at this time.
If successfully exploited, CVE-2019-0708 would allow for a wide variety of malicious activity including installing programs, changing data and creating additional user accounts with full user rights.
Affected Windows Versions:
- Windows 7
- Windows Server 2008 R2 (various versions)
- Windows Server 2008 (various versions)
Affected Out-of-Support Versions:
- Windows XP (various versions)
- Windows Server 2003 (various versions)
Microsoft has assessed this as “Exploitation More Likely” for impacted systems. Organizations are encouraged to treat with high priority.