Microsoft Windows security vulnerability

Recommended Action

Microsoft has released an update which fixes the vulnerability and strongly advises that all affected systems should be updated as soon as possible.

Your clients can find more information on the vulnerability and download the security update from Microsoft’s website: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708 *

At BOXX, we are committed to helping all our brokers and their customers reduce their cyber risk, and therefore we strongly recommend you share this communication following Microsoft’s advice.

Frequently Asked Questions

What is CVE-2019-0708? 

CVE (Common Vulnerabilities and Exposures) is a list of publicly disclosed cyber security vulnerabilities and exposures. CVE-2019-0708 is a severe vulnerability in a feature called RDP found in older versions of Windows.

What is RDP?

RDP (Remote Desktop Protocol) is a standard feature of older versions of Windows to allow a user to logon remotely to another windows machine. It’s commonly used to connect to servers or other workstations located remotely (either in a data centre or another office location).

Which versions of Windows are affected? 

The full list of systems affected versions are here: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708which includes Windows 7, Windows Server 2008 R2, Windows Server 2008, Windows 2003 and Windows XP.

How serious is this?

All vulnerabilities are ranked on the CVE scale of 1-10. this vulnerability is a 9.8 on the scale so it is deemed very serious. It also requires no user interaction or password to enter a system. An attacker who has successfully exploited this vulnerability would have complete access to a compromised system.

Is there currently an exploit for this vulnerability?

At present a number of security research companies claim to have a working exploit for this, but none of them have released it. However the well-respected SANS institute in the US published guidance a week ago that stated “exploit development is active, and I don’t think you have more than a week.”

How does my client check which version of Windows they’re running?

Microsoft provide a simple tool built into every version of Windows to check – here’s their instructions on how to run it – https://support.microsoft.com/en-gb/help/13443/windows-which-version-am-i-running

What does ‘wormable’ mean?

This term means this vulnerability could propagate from vulnerable computer to vulnerable computer by replicating copies of itself without the need for a host program or human interaction. A good example of a computer worm is the WannaCry malware that spread across the globe in 2017, infecting over 200,000 computers in a couple of days and having significant impact to services at a number of high-profile organizations.

What happens if the new security update isn’t installed?

If your client doesn’t install the new security patch, their Windows system, and eventually their entire network, is at risk of being exploited. This vulnerability is the most severe type, which would allow an attacker to run their code on your client’s machine. This means they can steal their data, use their machine(s) to attack other companies or wipe and/or disable their machine(s).

How does my client apply the update?

Follow Microsoft’s instructions here https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708 We strongly suggest your client applies the update on a test or less critical service before rolling it out more widely.

What should clients do if they have a Mac?

Mac computers are not vulnerable to this particular vulnerability, but we would encourage you to keep all devices patched and up to date.