In WannaCry two-year anniversary, Windows is again exposed to the presence of high-risk remote vulnerability. 5 on 15 May, Microsoft official released the 5, on security update patches a total fix 82 vulnerabilities, which contains for Remote Desktop RDP services remote code execution vulnerability CVE-2019-0708 the.
!
According to the Microsoft Security Response Center MSRC published a blog post, the Remote Desktop Protocol RDP in itself is not easy to receive the attack, this vulnerability is pre-authentication, without user interaction. This means that the use of this vulnerability and any future malicious software are possible with the 2017 WannaCry malicious software all over the world in a similar manner, from vulnerable computers to spread to other computers.
To exploit the vulnerability, an attacker could install programs, view, change, or delete data, or create with full user permissions to the new account. This vulnerability exists temptation imaginable, as long as the POC release, it is possible to in the most people did not have time to update the case of the repetition of WannaCry it.
But so far, also did not find any malicious behavior exploit this vulnerability, GitHub appears on many take advantage of this message lie Star, fishing or prank.
! [](/Article/UploadPic/2019-5/201951519518174. png)
You think is an exploit…
! [](/Article/UploadPic/2019-5/201951519518566. png)
Just wanted to tell you: Never Gonna Give You Up.
CVE-2019-0708 vulnerability scope:
Windows 7
Windows Server 2008 R2
Windows Server 2008
Windows Server 2003 has stopped maintenance
Windows XP has stopped maintenance
In addition to Win8, Win 10 with almost all Windows versions are affected by this vulnerability. Although Microsoft has stopped the Windows 2003 and Windows XP support, but due to this vulnerability the degree of harm is high, Microsoft the repair patch covering all of the affected versions of Windows.
Safety recommendations