What is the CVE-2019-0708 vulnerability?
May 30th, 2019
What is the CVE-2019-0708 vulnerability, and what does it mean to businesses? Gareth Wharton, Hiscox Cyber CEO, explains all.
What is CVE-2019-0708? CVE (Common Vulnerabilities and Exposures) is a list of publicly disclosed cybersecurity vulnerabilities and exposures. CVE-2019-0708 is a severe vulnerability in a feature called RDP found in older versions of Windows.
What is RDP? RDP (Remote Desktop Protocol) is a standard feature of older versions of Windows that allows a user to log on remotely to another Windows machine. It is commonly used to connect to servers or other workstations located remotely (either in a data centre or another office location).
Which versions of Windows are affected? The full list of affected systems is here: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708 It includes Windows 7, Windows Server 2008 R2, Windows Server 2008, Windows 2003 and Windows XP.
How serious is this? All vulnerabilities are ranked on the CVE scale of 1-10. This vulnerability is a 9.8 on the scale so it is deemed very serious. It also requires no user interaction or password to enter a system. An attacker who has successfully exploited this vulnerability would have complete access to a compromised system.
Is there currently an exploit for this vulnerability? At present a number of security research companies claim to have a working exploit for this, but none of them have released it. However, the well-respected SANS Institute in the US published guidance a week ago that stated “exploit development is active, and I don’t think you have more than a week.”
What does ‘wormable’ mean? This term means this vulnerability could propagate from vulnerable computer to vulnerable computer by replicating copies of itself without the need for a host program or human interaction. A good example of a computer worm is the WannaCry malware that spread across the globe in 2017, infecting over 200,000 computers in a couple of days and having a significant impact on services at a number of high-profile organisations.
How do I check which version of Windows I am running? Microsoft provides a simple tool built into every version of Windows to check. Their instructions on how to run it are here: https://support.microsoft.com/en-gb/help/13443/windows-which-version-am-i-running
What happens if I do not install the new security update? If you do not install the new security patch, your Windows system, and eventually your entire network, is at risk of being exploited. This vulnerability is the most severe type, which would allow an attacker to run their code on your machine. This means they can steal your data, use your machine(s) to attack other companies or wipe and/or disable your machine(s).
How do I apply the update? Follow Microsoft’s instructions here: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708 We strongly suggest you apply the update on a test or less critical service before rolling it out more widely.
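For administrators who want to script the version check, the following is an added example (not code from Hiscox or Microsoft) that reports whether the local machine is one of the Windows versions listed above and whether Remote Desktop is switched on. The helper name Get-AffectedFamily and its version-number mapping are assumptions of this example, built from the affected list in this article.

```powershell
# Added example: local triage for CVE-2019-0708. Run in Windows PowerShell.
# Get-AffectedFamily and its version mapping are this example's own (hypothetical
# helper), built from the affected list in this article.
function Get-AffectedFamily {
    param([string]$Version, [int]$ProductType)
    # Version is "major.minor.build"; ProductType 1 means a workstation edition.
    $parts = $Version.Split('.')
    $majorMinor = '{0}.{1}' -f $parts[0], $parts[1]
    $isClient = ($ProductType -eq 1)
    switch ($majorMinor) {
        '5.1' { return 'Windows XP' }
        '5.2' { if ($isClient) { return 'Windows XP (x64)' } else { return 'Windows 2003' } }
        # 6.0 workstation is Windows Vista, which the list above does not name.
        '6.0' { if ($isClient) { return $null } else { return 'Windows Server 2008' } }
        '6.1' { if ($isClient) { return 'Windows 7' } else { return 'Windows Server 2008 R2' } }
        default { return $null }
    }
}

$os = Get-WmiObject -Class Win32_OperatingSystem
$family = Get-AffectedFamily -Version $os.Version -ProductType $os.ProductType

# fDenyTSConnections = 0 means Remote Desktop connections are allowed.
# A Group Policy setting can override this local value.
$tsKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$deny = (Get-ItemProperty -Path $tsKey -Name fDenyTSConnections -ErrorAction SilentlyContinue).fDenyTSConnections
$rdpEnabled = ($deny -eq 0)

if ($family -and $rdpEnabled) {
    $action = 'Affected version with RDP enabled: highest priority for the update'
} elseif ($family) {
    $action = 'Affected version, RDP disabled: still apply the update'
} else {
    $action = 'Version not in the list above: confirm against the Microsoft advisory'
}

New-Object PSObject -Property @{
    Computer   = $env:COMPUTERNAME
    OS         = $os.Caption
    Version    = $os.Version
    Family     = $family
    RdpEnabled = $rdpEnabled
    Action     = $action
} | Select-Object Computer, OS, Version, Family, RdpEnabled, Action | Format-List
```

The script only reads local settings and does not tell you whether the security update is already installed, so treat its output as a way to prioritise machines, not as proof that a machine is safe.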
What should I do if I have a Mac? Mac computers are not vulnerable to this particular vulnerability, but we would encourage you to keep all devices patched and up to date.
“At Hiscox we are committed to helping all our customers reduce their cyber risk, and therefore strongly recommend you follow Microsoft’s advice. Our CyberClear customers are covered against a wide range of cyber risks, and in the unfortunate event of a cyber-attack, you have immediate access to our team of experts to get your business back up and running fast,” says Gareth.