Microsoft Windows Remote Desktop Services CVE-2019-0708 Remote Code Execution Vulnerability

Microsoft Windows is prone to a remote code-execution vulnerability.

Attackers can exploit this issue to execute arbitrary code in the context of the affected application. Failed attacks will cause denial-of-service conditions.

Information

Bugtraq ID: 108273
Class: Design Error
CVE: CVE-2019-0708

Remote: Yes
Local: No
Published: May 14 2019 12:00AM
Updated: May 31 2019 04:00AM
Credit: The UK's National Cyber Security Centre (NCSC)
Vulnerable: Microsoft Windows XP 0
Microsoft Windows Server 2008 R2 for x64-based Systems SP1
Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1
Microsoft Windows Server 2008 for x64-based Systems SP2
Microsoft Windows Server 2008 for Itanium-based Systems SP2
Microsoft Windows Server 2008 for 32-bit Systems SP2
Microsoft Windows Server 2003 0
Microsoft Windows 7 for x64-based Systems SP1
Microsoft Windows 7 for 32-bit Systems SP1

Not Vulnerable:

Exploit

The researcher has created a proof-of-concept to demonstrate the issue. Please see the references for more information.

References:

• Proof of concept for CVE-2019-0708 (Github)
  
• Microsoft Homepage (Microsoft)
  
• Microsoft Windows Homepage (Microsoft )
  
• CVE-2019-0708 | Remote Desktop Services Remote Code Execution Vulnerability (Microsoft)
  
• Prevent a worm by updating Remote Desktop Services (CVE-2019-0708) (Microsoft)
  

Source: www.securityfocus.com