The company urged users to download the latest Windows update for the affected systems, which fixes a critical remote code execution vulnerability in the Remote Desktop Services process. An estimated 3 million Remote Desktop Protocol endpoints are now exposed to the internet, according to security researcher Kevin Beaumont, citing data from device search engine Shodan. Four handle remote code execution vulnerabilities in the Windows Dynamic Host Configuration Protocol (DHCP) server that assigns internet protocol addresses to clients, as well as flaws in the GDI+ graphics rendering component and Microsoft Word. The vulnerability is present in Windows 7, Windows Server 2008 and Windows Server 2008 R2, but not in newer systems.
"While we have observed no exploitation of this vulnerability, it is highly likely that malicious actors will write an exploit for this vulnerability and incorporate it into their malware", says Redmond.
"CVE-2019-0708 should be the highest priority patching because, in addition to the wormable capabilities in this exploit, many modern ransomware variants, such as Dharma, Robbinhood, and CrySIS, often use vulnerable RDP servers to gain access to victim networks", argued Recorded Future senior solutions architect, Allan Liska. The company announced today that they will be updating the application with new features that should make the app a little bit easier to use. You can also download the patches here. Not so for CVE-2019-0863, an elevation of privilege flaw in the way Windows Error Reporting (WER) deals with files, which Microsoft says is being used by crooks to fully compromise infected machines.
MDS is addressed in hardware starting with select 8th and 9th Generation Intel® Core™ processors, as well as the 2nd Generation Intel® Xeon® Scalable processor family. Only 1.6% of desktop computers are still using Windows XP, but some other systems - including many ATM machines - still rely on it. In some cases, installing these updates will have a performance impact.