Microsoft Patches Windows 2003 and 2008 RDP with CVE-2019-0708

CVE-2019-0708 and Remote Desktop Services

On May 14, 2019, Microsoft released a patch for Windows 2003, Windows 2008, and Windows 2008 R2 servers. The patch mitigates the possibility of an attack via Remote Desktop Protocol (RDP). It is important to note that RDP is not by itself vulnerable. The exploit is pre-authentication and does not require user interaction. If the vulnerability is exploited, the attack could spread to other vulnerable servers in a worm-like fashion. To exploit this vulnerability, an attacker would need to send a specially crafted request to the server via RDP. The exploit could then run code to take control of a system, delete files, and/or install programs.

Is there an exploit available for this yet?

At the time of this writing, there is not a public exploit available.  However, given the severity of the patch (Critical), it is likely only a matter of time before an exploit becomes available.

Which server versions are affected?

Windows 2003, Windows 2008, and Windows 2008 R2. Although Windows 2003 is no longer supported by Microsoft, an out-of-band patch is being released for it. Customers should consider migrating away from Windows 2003 to a supported OS.

Our servers are protected by VPN though.  Does that help mitigate the risk?

While DataBank always recommends locking down ports on the firewall and using secure methods of connecting to a server, such as a VPN, this does not prevent an exploit from occurring. A VPN does reduce the attack surface, as the communication is encrypted and the RDP service is not opened externally, but the risk still exists until the patch is deployed. The risk can also be partially mitigated with Network Level Authentication (NLA): with NLA enabled, the exploit would not spread to other vulnerable systems. DataBank recommends deploying the patch as soon as possible.

Where can I download the patch and apply it?

More information on the patch and how to download it is available in the Microsoft Update Catalog.
