myhack58 | Anonymous | MYHACK58:62201994153
May 15, 2019 - 12:00 a.m.

Microsoft issues emergency fix for the CVE-2019-0708 vulnerability - Vulnerability warning - Black Bar Safety Net

2019-05-15 00:00:00 | Anonymous | www.myhack58.com

CVSS3: 9.8 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS2: 10 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS: 0.975 High
Percentile: 100.0%

On May 14, 2019, Microsoft issued an emergency fix for CVE-2019-0708, a remote code execution vulnerability in Remote Desktop Services (RDP, previously known as Terminal Services). The vulnerability affects some older versions of Windows, such as Windows XP, Windows Server 2003, Windows 7, and Windows Server 2008.
In theory, Remote Desktop Services is not in itself easy to attack, but once it is attacked the consequences could be disastrous. If you are still unsure how powerful this vulnerability is, think back to the WannaCry (also called Wanna Decryptor) outbreak of May 2017.
CVE-2019-0708 can be exploited before authentication and without any user interaction, which means that, like WannaCry, it belongs to the class of "wormable" vulnerabilities. It can be exploited in the manner of a network worm: any malware that uses this vulnerability could spread from an infected computer to other vulnerable computers, in a way similar to how the WannaCry malware spread in 2017.
Although the Microsoft Security Response Center (MSRC) has not yet found malicious samples that exploit this vulnerability, it is still necessary to be fully prepared. A recent study found that malicious attackers are likely to write an exploit for this vulnerability and embed it in their own malware.
Scope of impact
· Windows 7;
· Windows Server 2008 R2;
· Windows Server 2008;
· Windows 2003;
· Windows XP.
Please note: users of Windows 8, Windows 10, and later versions are not affected by this vulnerability.
How to fix
Downloads for supported versions of Windows can be found in the Microsoft Security Update Guide. Customers who use a supported version of Windows and have automatic updates enabled are protected automatically.
Unsupported systems include Windows 2003 and Windows XP. If you use an unsupported version, the best way to address this vulnerability is to upgrade to the latest version of Windows. Even so, Microsoft is still providing a fix for these unsupported versions of Windows in KB4500705.
Affected systems that have Network Level Authentication (NLA) enabled are partially mitigated against "suspicious" malware or advanced malware threats that could exploit this vulnerability, because NLA requires authentication before the vulnerability can be triggered. However, if the attacker has valid credentials that can be used to authenticate successfully, the affected system is still vulnerable to remote code execution (RCE).
For these reasons, Microsoft strongly recommends that all affected systems be updated as soon as possible, whether or not NLA is enabled.
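A read-only local check for the conditions this section describes (affected Windows version, RDP accepting connections, NLA required), added here as an example and not code from Microsoft or the original article. The registry paths, the `Get-TsValue` helper and the mapping of the listed products to NT version numbers are this example's assumptions; version 6.0 also matches Windows Vista, which the page does not list.

```powershell
# Added example: local triage for CVE-2019-0708. Reads settings only, changes nothing.
# Written to run on PowerShell 2.0, since affected systems are old.
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
$tsKey     = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdpKey    = "$tsKey\WinStations\RDP-Tcp"

# Hypothetical helper: a Group Policy value, when present, overrides the local one.
function Get-TsValue([string]$Name, [string]$LocalKey) {
    foreach ($key in @($policyKey, $LocalKey)) {
        $p = Get-ItemProperty -Path $key -Name $Name -ErrorAction SilentlyContinue
        if ($p -ne $null) { return $p.$Name }
    }
    return $null
}

$os  = Get-WmiObject -Class Win32_OperatingSystem
$ver = [version]$os.Version

# Assumed mapping: 5.1 = XP, 5.2 = Server 2003, 6.0 = Server 2008,
# 6.1 = Windows 7 / Server 2008 R2. Windows 8 (6.2) and later are not affected.
$affected = ($ver.Major -eq 5 -and $ver.Minor -ge 1) -or
            ($ver.Major -eq 6 -and $ver.Minor -le 1)

# fDenyTSConnections = 0 means Remote Desktop connections are accepted.
$rdpEnabled = ((Get-TsValue 'fDenyTSConnections' $tsKey) -eq 0)

# UserAuthentication = 1 means NLA is required; absent where NLA is unsupported.
$nla = ((Get-TsValue 'UserAuthentication' $rdpKey) -eq 1)

# KB4500705 is the fix the page names for the unsupported versions (XP / 2003) only.
# A missing entry is a prompt to verify, not proof that the fix is absent.
$kb = $null
if ($ver.Major -eq 5) {
    $kb = [bool](Get-HotFix -Id 'KB4500705' -ErrorAction SilentlyContinue)
}

if (-not $affected)       { $verdict = 'OS outside the affected range' }
elseif ($kb)              { $verdict = 'Affected OS, KB4500705 reported as installed' }
elseif (-not $rdpEnabled) { $verdict = 'Affected OS, RDP not accepting connections: still update' }
elseif ($nla)             { $verdict = 'Affected OS, RDP on, NLA on: partial mitigation, update' }
else                      { $verdict = 'Affected OS, RDP on, no NLA: update as soon as possible' }

New-Object PSObject -Property @{
    OS = $os.Caption; Version = $os.Version; Affected = $affected
    RdpEnabled = $rdpEnabled; NlaRequired = $nla; KB4500705 = $kb; Verdict = $verdict
}
```

On Windows 7 and Server 2008 / 2008 R2 the `KB4500705` field stays empty, because the page names no update number for those versions; confirm their patch state through the Microsoft Security Update Guide.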
Possible impact of an attack
An attacker who successfully exploits this vulnerability can execute arbitrary code on the target system. The attacker can then install malicious programs; view, change, or delete data on the target device; and even create new accounts with full user rights.
How the vulnerability is exploited
To exploit this vulnerability, an attacker would need to send a specially crafted request via RDP to the Remote Desktop Services of the target system.
References and sources:
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708
https://blogs.technet.microsoft.com/msrc/2019/05/14/prevent-a-worm-by-updating-remote-desktop-services-cve-2019-0708/?from=groupmessage&isappinstalled=0
