Employee+

An update regarding CVE-2019-0708, a Remote Code Execution vulnerability in Remote Desktop Services

As part of the Microsoft May release, MS has announced a Remote Code Execution vulnerability in Remote Desktop Services, CVE-2019-0708. At this time, there are no indications of the vulnerability being exploited in the wild or of the existence of a public PoC. Check Point researchers are investigating this and monitoring any relevant activity in the wild. Check Point's recommendation is to monitor affected systems and deploy the MS fix according to the MS Security Update Guide. Customers who do not need the Remote Desktop Protocol can block the protocol on the Gateway and EndPoint Firewalls.

5 Replies
Stuey
Ivory

Re: An update regarding CVE-2019-0708, a Remote Code Execution vulnerability in Remote Desktop Servi

Hi, I believe there is now an exploit confirmed in the wild. Are you working on signatures for this?

 

https://twitter.com/cBekrar/status/1128712967845961728

 

"We've confirmed exploitability of Windows Pre-Auth RDP bug (CVE-2019-0708) patched yesterday by Microsoft. Exploit works remotely, without authentication, and provides SYSTEM privileges on Windows Srv 2008, Win 7, Win 2003, XP. Enabling NLA mitigates the bug. Patch now or GFY!"

Re: An update regarding CVE-2019-0708, a Remote Code Execution vulnerability in Remote Desktop Servi

As far as I understand, Microsoft did not share any details concerning this CVE yet, other than that it is patched.

Re: An update regarding CVE-2019-0708, a Remote Code Execution vulnerability in Remote Desktop Servi

Why don't you ask Kaspersky for some details in order to come up with an IPS sig? They seem to be offering information. Patching of course is the real answer, along with not allowing RDP from the internet.

https://twitter.com/oct0xor/status/1130534732863803400
0 Kudos
RickLin
Silver

Re: An update regarding CVE-2019-0708, a Remote Code Execution vulnerability in Remote Desktop Servi

[Attached images: 1.jpg, 2.jpg]

Re: An update regarding CVE-2019-0708, a Remote Code Execution vulnerability in Remote Desktop Servi

Correct, the CVE protection is now part of the latest IPS update.