Security vulnerability warning(CVE-2019-0708)
Microsoft released an important security bulletin on May 14, 2019. Its operating system Remote Desktop Services, commonly known as the 3389 service, has serious security vulnerabilities (number CVE-2019-0708): the attacker does not have any authorization. The remote 3389 service can be directly attacked by the operating system to perform malicious attacks on the victim host, including installing backdoors, viewing and tampering with private data, and creating new accounts with full user rights, ranging from Windows XP to Windows 2008 R2. . Due to the wide range of 3389 service applications and the low exploitation conditions, as long as the service port is open, the vulnerability impact and hazard procedures are comparable to "WannaCry". Therefore, Microsoft has released security patches for this vulnerability for Windows XP and Windows 2003 systems that have stopped supporting.
Repair suggestions:
1. Upgrade the official Microsoft patch:
Older systems such as Windos XP and Windows 2003 need to be manually downloaded: https://support.microsoft.com/en-ca/help/4500705/customer-guidance-for-cve-2019-0708;
Windows 7 and Windows 2008 systems can be upgraded automatically. Manual upgrade can be downloaded from the following link: https://www.catalog.update.microsoft.com/Search.aspx?q=KB4499175;
2. If not necessary, please turn off Remote Desktop Services;
CeRaNetworks will temporarily block port 3389 in the routes, you can submit a ticket or contact us online customer service (We can help you with following operations, please provide your server's system administrator password) to install patches and modify RDP port .
Microsoft official announcement:
Wednesday, May 15, 2019