Posted on 05/20/2019 5:30:49 PM PDT by dayglored
[dayglored's note: This is direct from the horse's mouth, Microsoft Technet. It's a bad one, like the WannaCry malware from a couple years ago.]
Today [May 14] Microsoft released fixes for a critical Remote Code Execution vulnerability, CVE-2019-0708, in Remote Desktop Services, formerly known as Terminal Services, that affects some older versions of Windows. The Remote Desktop Protocol (RDP) itself is not vulnerable. This vulnerability is pre-authentication and requires no user interaction. In other words, the vulnerability is wormable, meaning that any future malware that exploits this vulnerability could propagate from vulnerable computer to vulnerable computer in a similar way as the WannaCry malware spread across the globe in 2017. While we have observed no exploitation of this vulnerability, it is highly likely that malicious actors will write an exploit for this vulnerability and incorporate it into their malware.
Now that I have your attention, it is important that affected systems are patched as quickly as possible to prevent such a scenario from happening. In response, we are taking the unusual step of providing a security update for all customers to protect Windows platforms, including some out-of-support versions of Windows.
Vulnerable in-support systems include Windows 7, Windows Server 2008 R2, and Windows Server 2008. Downloads for in-support versions of Windows can be found in the Microsoft Security Update Guide. Customers who use an in-support version of Windows and have automatic updates enabled are automatically protected.
Out-of-support systems include Windows 2003 and Windows XP. If you are on an out-of-support version, the best way to address this vulnerability is to upgrade to the latest version of Windows. Even so, we are making fixes available for these out-of-support versions of Windows in KB4500705.
Customers running Windows 8 and Windows 10 are not affected by this vulnerability, and it is no coincidence that later versions of Windows are unaffected. Microsoft invests heavily in strengthening the security of its products, often through major architectural improvements that are not possible to backport to earlier versions of Windows.
There is partial mitigation on affected systems that have Network Level Authentication (NLA) enabled. The affected systems are mitigated against wormable malware or advanced malware threats that could exploit the vulnerability, as NLA requires authentication before the vulnerability can be triggered. However, affected systems are still vulnerable to Remote Code Execution (RCE) exploitation if the attacker has valid credentials that can be used to successfully authenticate.
It is for these reasons that we strongly advise that all affected systems, irrespective of whether NLA is enabled or not, should be updated as soon as possible.
Resources
Links to downloads for Windows 7, Windows 2008 R2, and Windows 2008
Links to downloads for Windows 2003 and Windows XP
Simon Pope, Director of Incident Response, Microsoft Security Response Center (MSRC)
I won't call you paranoid. I'll call you cautious.
Unless there's good reason to enable an external access service (RDP or any other), leave 'em off!
Well, thanks for the heads up.
bkmk
Which one do I download for Windows 7, Monthly Rollup or Security only?
I just had a WIN 10 update an hour ago. It was the Win 10 1809 update.
That box that has Win98 has a video card that I cannot use in any later version of Windows. It does a single frame capture.
I cannot recall launching a browser there in a decade.
It does run Visual Basic 5 to automate the capture function.
It is using Windows drive share with the other machines in the house. Those being WinXP, Win7 and linux. I hope the shares are secure.
Great. MS “patched” my Win7 the other day. I turned it on the next morning to find it had bluescreened.
Thanks...I think. In the middle of installing 170 updates (!) I didn’t think I was that out of the loop. Last I went through this was APR 2019. What’s that in dog years?
AFAIK the "Security Only" differs from the "Monthly Rollup" in that it only addresses actual security vulnerabilities. The Monthly Rollup has those, but also includes non-security-related bug fixes and occasional feature fixes.
Personally I keep my Win7 machines fully patched, so I get the rollups. But if you only want security fixes, then use the other.
Thank you for taking the time to answer my question!
No kidding! I imagine that a lot of the remote/embedded XP based systems like ATMs probably are accessed by RDP. Yikes!
So, I went to the security choice for my Win 7 64 bit laptop and it asked me if I wanted to save 4491755 to file ?? Didn’t seem to do anything. How do you just turn off remote desktop to be sure you aren’t open to attack?
If you did the monthly rollup system update for May, you are A-OK.
Control Panel -> System -> Remote Settings -> Remote
Under "Remote Assistance", UN-CHECK "Allow Remote Assistance..."
Under "Remote Desktop", CHECK "Don't allow connections to this computer"
Click OK, close Control Panel.
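The advisory's NLA caveat and the Remote Settings steps above, as a PowerShell audit added here (not Microsoft's code and not from any poster). It assumes an elevated prompt on the host being checked, that `-PatchKB` is replaced with the KB id for that OS from the Security Update Guide (the value below is a placeholder; the page names only KB4500705, the XP/2003 package), and it reads the registry values behind the Remote Desktop and Remote Assistance checkboxes.

```powershell
# Added example: read-only audit of the CVE-2019-0708 conditions the advisory
# describes (affected OS, RDP listening, NLA required, patch present).
# Assumes an elevated prompt on the host being checked. $PatchKB is a
# placeholder: substitute the KB id for this OS from the Security Update Guide.
param(
    [string]$PatchKB = 'KB0000000',   # placeholder, not a real update id
    [switch]$DisableRDP               # optional: registry form of the Control Panel steps
)

$tsRoot = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdpTcp = "$tsRoot\WinStations\RDP-Tcp"
$raRoot = 'HKLM:\SYSTEM\CurrentControlSet\Control\Remote Assistance'

# Versions the advisory names as affected: XP/2003 (5.x), 2008 (6.0), 7/2008 R2 (6.1).
$ver        = [Environment]::OSVersion.Version
$affectedOS = ($ver.Major -eq 5) -or ($ver.Major -eq 6 -and $ver.Minor -le 1)

if ($DisableRDP) {
    # Same effect as checking "Don't allow connections to this computer" and
    # un-checking "Allow Remote Assistance..." in Remote Settings.
    Set-ItemProperty $tsRoot -Name fDenyTSConnections -Value 1 -Type DWord
    Set-ItemProperty $raRoot -Name fAllowToGetHelp    -Value 0 -Type DWord
}

# fDenyTSConnections = 0 means Remote Desktop accepts connections.
$rdpEnabled = (Get-ItemProperty $tsRoot -Name fDenyTSConnections).fDenyTSConnections -eq 0

# UserAuthentication = 1 means NLA is required before the session is set up,
# the partial mitigation the advisory describes.
$nlaItem = Get-ItemProperty $rdpTcp -Name UserAuthentication -ErrorAction SilentlyContinue
$nla     = ($nlaItem -ne $null) -and ($nlaItem.UserAuthentication -eq 1)

# Get-HotFix lists installed updates by KB id; nothing returned means not installed.
$patched = [bool](Get-HotFix -Id $PatchKB -ErrorAction SilentlyContinue)

if (-not $affectedOS -or $patched) { $exposure = 'unaffected or patched' }
elseif (-not $rdpEnabled)          { $exposure = 'RDP disabled: not reachable' }
elseif ($nla)                      { $exposure = 'NLA only: still exploitable with valid credentials' }
else                               { $exposure = 'UNPATCHED: RDP listening without NLA, patch now' }

# New-Object PSObject works on the PowerShell 2.0 that ships with Windows 7.
New-Object PSObject -Property @{
    OSVersion      = $ver.ToString()
    AffectedOS     = $affectedOS
    RDPEnabled     = $rdpEnabled
    NLARequired    = $nla
    PatchInstalled = $patched
    Exposure       = $exposure
}
```

Run it without `-DisableRDP` first to see the host's status; the switch only applies the same two changes the Control Panel steps make, and the update itself is still required.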
While we're on the topic of security, I'll mention in passing the Steve Gibson service and utility for reducing general vulnerability by making your Windows box less visible to the Internet.
I also found the following article, which popped up in a quick Google search for UPnP vulnerabilities, to be reasonably interesting:
UPnP: Vulnerability As a Feature That Just Won't Die
BTW, Mr. Gibson's website also has a number of other freeware downloads. I kind of like the one for assigning a unique beep, boop, or bong to each key from A through Z. It's not my cup of tea, but the idea of driving nearby lurkers crazy with a random melody has its points. ^^;
Thanks dayglored...
Those were the settings on my Win7 laptop. Is it still vulnerable?
Right now the Microsoft page won't load for me, maybe because of my slow connection, thus I'm a bit in the dark as to what to do.
And shame on those people using default 3389 with a port open on their router.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.