What is the CVE-2019-0708 vulnerability?

May 31, 2019

What is the CVE-2019-0708 vulnerability, and what does it mean to businesses? Meghan Hannes, Hiscox USA Cyber Product Head, explains.

There is a new operating system flaw affecting some older versions of Microsoft Windows. Here’s what you need to know to keep your system safe.

What is CVE-2019-0708? 

CVE (Common Vulnerabilities and Exposures) is a list of publicly disclosed cyber security vulnerabilities and exposures. CVE-2019-0708 is a severe vulnerability in a feature called RDP found in older versions of Windows.

What is RDP?

RDP (Remote Desktop Protocol) is a standard feature of older versions of Windows that allows a user to log on remotely to another Windows machine. It is commonly used to connect to servers or other workstations located remotely (either in a data center or another office location).

Which versions of Windows are affected?

The full list of affected systems is here: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708. Affected operating systems include Windows 7, Windows Server 2008 R2, Windows Server 2008, Windows 2003 and Windows XP.

How serious is this?

All vulnerabilities are ranked on the CVE scale of 1-10. This vulnerability is a 9.8 on the scale, so it is deemed very serious. It requires no user interaction or password to enter a system. An attacker who has successfully exploited this vulnerability would have complete access to a compromised system.

Is there currently an exploit for this vulnerability?

Presently, a number of security research companies claim to have a working exploit for this, but none of them have released it. However, the well-respected SANS Institute published guidance a week ago that stated “exploit development is active, and I don’t think you have more than a week.”

How does it work?

This vulnerability is wormable, which means it could propagate from one vulnerable computer to the next by replicating copies of itself without the need for a host program or human interaction. A good example of a computer worm is the WannaCry malware that spread across the globe in 2017, infecting over 200,000 computers in a couple of days and significantly impacting services at a number of high-profile organizations.

How do I check which version of Windows I am running? 

Microsoft provides a simple tool built into every version of Windows to check the version. Here are their instructions on how to run it: https://support.microsoft.com/en-gb/help/13443/windows-which-version-am-i-running

What happens if I do not install the new security update?

If you do not install the new security patch, your Windows system, and eventually your entire network, is at risk of being exploited. This vulnerability is the most severe type, which would allow an attacker to run their code on your machine. This means they can steal your data, use your machine(s) to attack other companies or wipe and/or disable your machine(s).

How do I apply the update?

Follow Microsoft’s instructions here: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708. We strongly suggest you apply the update on a test or less critical service before rolling it out more widely.
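
The following PowerShell script, added here as an example and not part of the original article or Microsoft's guidance, combines the checks above on one machine: whether the OS is on the affected list, whether RDP is enabled, and whether the update is installed. The `KB0000000` ID is a placeholder to replace with the update ID from Microsoft's advisory, and the function names are illustrative.

```powershell
# Added example (not from the original article): local triage for CVE-2019-0708.
# Uses Get-WmiObject so it also runs on PowerShell 2.0 (default on Windows 7).

# OS names from the article's affected list.
$AffectedNames = @('Windows 7', 'Server 2008', 'Server 2003', 'Windows XP')

# PLACEHOLDER: replace with the update ID(s) Microsoft's advisory lists for your OS.
$AdvisoryKbIds = @('KB0000000')

function Test-AffectedCaption([string]$Caption) {
    # Some releases embed trademark marks in the OS caption; strip them first.
    $marks = "[$([char]0x00AE)$([char]0x2122)]|\(R\)|\(TM\)"
    $clean = $Caption -replace $marks, ''
    foreach ($name in $AffectedNames) {
        if ($clean -like "*$name*") { return $true }
    }
    return $false
}

function Test-RdpEnabled {
    # Local setting: fDenyTSConnections = 0 means Remote Desktop is accepted.
    $key  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    $prop = Get-ItemProperty -Path $key -Name fDenyTSConnections -ErrorAction SilentlyContinue
    return ($prop -ne $null -and $prop.fDenyTSConnections -eq 0)
}

function Test-UpdateInstalled([string[]]$KbIds) {
    # A later cumulative rollup can carry the fix under a different ID, so treat
    # "not found" as "verify by hand", not as proof the host is unpatched.
    $found = Get-HotFix -Id $KbIds -ErrorAction SilentlyContinue
    return [bool]$found
}

$os       = Get-WmiObject -Class Win32_OperatingSystem
$affected = Test-AffectedCaption $os.Caption
$rdp      = Test-RdpEnabled
$patched  = Test-UpdateInstalled $AdvisoryKbIds

if (-not $affected) {
    $action = 'OS not on the affected list; keep patching as normal'
} elseif ($patched) {
    $action = 'Advisory update found; no urgent action'
} elseif ($rdp) {
    $action = 'URGENT: affected OS, RDP enabled, update not found'
} else {
    $action = 'Affected OS, RDP disabled locally; schedule the update'
}

New-Object PSObject -Property @{
    Computer = $env:COMPUTERNAME; OS = $os.Caption; AffectedOS = $affected
    RdpEnabled = $rdp; UpdateSeen = $patched; Action = $action
}
```

Windows XP and Windows 2003 do not include PowerShell by default, so on those systems the script assumes it has been installed separately.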

What should I do if I have a Mac?

Mac computers are not vulnerable to this particular issue, but we would encourage you to keep all devices patched and up to date.

“At Hiscox we are committed to helping all our customers reduce their cyber risk, and therefore strongly recommend you follow Microsoft’s advice, and pass it on to vendors and others whose systems you may interact with. Our CyberClear customers are covered against a wide range of cyber risks, and in the unfortunate event of a cyber attack, you have immediate access to our team of experts to get your business back up and running fast,” said Hannes.