Critical Remote "Wormable" Windows Vulnerability (May 15, 2019)
Microsoft has issued a patch for vulnerability CVE-2019-0708, a vulnerability in its Remote Desktop Services that can be remotely exploited via RDP, without authentication. An attacker who successfully exploits this vulnerability could execute arbitrary code on the target system, and then install programs, change data, and even create new accounts with full user rights.
Recommendation: Patch Tuesday should be expected every month in order to apply the latest security patches to software utilized by your company. In Microsoft’s case, it is common for new vulnerabilities to be identified quite regularly. Utilizing the automatic update feature in Windows may be a good mediation step to ensure that your company is always using the most recent and secure version.
Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.