Microsoft has released fixes for a critical Remote Code Execution vulnerability, CVE-2019-0708, in Remote Desktop Services (formerly known as Terminal Services) that affects some older versions of Windows. The affected versions are Windows 7, Windows XP, Windows 2003 and Windows Server 2008, so we strongly suggest downloading and applying this security fix if you are running any of these operating systems.
For those interested, Microsoft shared some additional details about this security vulnerability.
“This vulnerability is pre-authentication and requires no user interaction. In other words, the vulnerability is ‘wormable’, meaning that any future malware that exploits this vulnerability could propagate from vulnerable computer to vulnerable computer in a similar way as the WannaCry malware spread across the globe in 2017. While we have observed no exploitation of this vulnerability, it is highly likely that malicious actors will write an exploit for this vulnerability and incorporate it into their malware.”
Downloads for in-support versions of Windows (Windows 7, Windows Server 2008 R2, and Windows Server 2008) can be found in the Microsoft Security Update Guide. Those using out-of-support systems (like Windows 2003 and Windows XP) can download the KB4500705 update, in which Microsoft has implemented the necessary security fixes.
Last but not least, customers running Windows 8 and Windows 10 are not affected by this vulnerability, so there is nothing to worry about if you are using either of these two operating systems.