Home / Technology / Windows Remote Desktop Services Vulnerability: BSI Warns Dangers à la WannaCry

Windows Remote Desktop Services Vulnerability: BSI Warns Dangers à la WannaCry



The German Federal Information Security Agency (BSI) has issued a press release on a critical vulnerability in Remote Desktop Services (Remote Desktop Services) of some versions of Windows that can be used remotely and without authentication.

Microsoft closed the vulnerability with the CVE-201

9-0708 tag yesterday in the wake of Patchday. BSI recommends users to paste the patch immediately, as the vulnerability allows malware to be "wormably propagated".

All versions of Windows Client and Windows Server are affected by CVE-2019-0708 through Windows 7 and Windows Server 2008 – except for Windows 8 and 10 .

Microsoft confirms BSI's assessment in its own security statement: CVE-2019-0708 is really "wormable". [19659005] Automated malicious code spread risk

To clarify the threat caused by the vulnerability, the press release cites BSI President Arne Schönbohm, who says, "This critical vulnerability can lead to attacks that are as devastating as 2017 WannaCry had to experience." 19659003] In May 2017, Ransomware WannCry paralyzed over hundreds of thousands of Windows systems and hit the infrastructure large corporations and authorities. Among other things, it spread by utilizing known vulnerabilities as a classic computer mask from one network computer to the next.

To date, neither BSI nor Microsoft has seen a case in which the gap was actually used actively. But both agree that this will probably change soon.

Users of potentially vulnerable systems should update them immediately. If you use versions of Windows that Microsoft no longer supports, such as XP or Server 2003, you may need to download the updates manually. Microsoft Security Advisory provides links to all available downloads.

BSI also recommends disabling remote desktop services if not used. Otherwise, external connections should be limited to specific network areas or addresses, and the remote desktop protocol log files should be logged for control purposes.

More about:


(ovw)




Source link