20190517

Prevent a worm by updating Remote Desktop Services (CVE-2019-0708) Customer guidance for CVE-2019-0708 | Remote Desktop Services Remote Code Execution Vulnerability: May 14, 2019

[External link]
https://blogs.technet.microsoft.com/msrc/2019/05/14/prevent-a-worm-by-updating-remote-desktop-services-cve-2019-0708/
Prevent a worm by updating Remote Desktop Services (CVE-2019-0708)
MSRC Team, May 14, 2019
Today Microsoft released fixes for a critical Remote Code Execution vulnerability, CVE-2019-0708, in Remote Desktop Services – formerly known as Terminal Services – that affects some older versions of Windows. The Remote Desktop Protocol (RDP) itself is not vulnerable. This vulnerability is pre-authentication and requires no user interaction. In other words, the vulnerability is ‘wormable’, meaning that any future malware that exploits this vulnerability could propagate from vulnerable computer to vulnerable computer in a similar way as the WannaCry malware spread across the globe in 2017. While we have observed no exploitation of this vulnerability, it is highly likely that malicious actors will write an exploit for this vulnerability and incorporate it into their malware.
Resources
Links to downloads for Windows 7, Windows 2008 R2, and Windows 2008
Links to downloads for Windows 2003 and Windows XP 

Simon Pope, Director of Incident Response, Microsoft Security Response Center (MSRC)

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708

Security Updates
To determine the support life cycle for your software version or edition, see the Microsoft Support Lifecycle.
| Product | Platform | Article | Download | Impact | Severity | Supersedence |
|---|---|---|---|---|---|---|
| Windows 7 for 32-bit Systems Service Pack 1 | | 4499164 | Monthly Rollup | Remote Code Execution | Critical | 4493472 |
| | | 4499175 | Security Only | | | |
| Windows 7 for x64-based Systems Service Pack 1 | | 4499164 | Monthly Rollup | Remote Code Execution | Critical | 4493472 |
| | | 4499175 | Security Only | | | |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | | 4499149 | Monthly Rollup | Remote Code Execution | Critical | 4493471 |
| | | 4499180 | Security Only | | | |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | | 4499149 | Monthly Rollup | Remote Code Execution | Critical | 4493471 |
| | | 4499180 | Security Only | | | |
| Windows Server 2008 for Itanium-Based Systems Service Pack 2 | | 4499149 | Monthly Rollup | Remote Code Execution | Critical | 4493471 |
| | | 4499180 | Security Only | | | |
| Windows Server 2008 for x64-based Systems Service Pack 2 | | 4499149 | Monthly Rollup | Remote Code Execution | Critical | 4493471 |
| | | 4499180 | Security Only | | | |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | | 4499149 | Monthly Rollup | Remote Code Execution | Critical | 4493471 |
| | | 4499180 | Security Only | | | |
| Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 | | 4499164 | Monthly Rollup | Remote Code Execution | Critical | 4493472 |
| | | 4499175 | Security Only | | | |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | | 4499164 | Monthly Rollup | Remote Code Execution | Critical | 4493472 |
| | | 4499175 | Security Only | | | |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | | 4499164 | Monthly Rollup | Remote Code Execution | Critical | 4493472 |
| | | 4499175 | Security Only | | | |
Mitigations


CVSS Score
The following software versions or editions that are affected have been scored against this vulnerability. Please read the CVSS standards guide to fully understand how CVSS vulnerabilities are scored, and how to interpret CVSS scores.

| Product | Base | Temporal | Vector String |
|---|---|---|---|
| Windows 7 for 32-bit Systems Service Pack 1 | 9.8 | 8.8 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
| Windows 7 for x64-based Systems Service Pack 1 | 9.8 | 8.8 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 9.8 | 8.8 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 9.8 | 8.8 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
| Windows Server 2008 for Itanium-Based Systems Service Pack 2 | 9.8 | 8.8 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 9.8 | 8.8 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 9.8 | 8.8 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
| Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 | 9.8 | 8.8 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 9.8 | 8.8 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 9.8 | 8.8 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Mitigations

[External link]
https://support.microsoft.com/af-za/help/4500705/customer-guidance-for-cve-2019-0708
| Platform | Article | Download | Impact | Severity |
|---|---|---|---|---|
| Windows XP SP3 x86 | 4500331 | Security Update | Remote Code Execution | Critical |
| Windows XP Professional x64 Edition SP2 | 4500331 | Security Update | Remote Code Execution | Critical |
| Windows XP Embedded SP3 x86 | 4500331 | Security Update | Remote Code Execution | Critical |
| Windows Server 2003 SP2 x86 | 4500331 | Security Update | Remote Code Execution | Critical |
| Windows Server 2003 x64 Edition SP2 | 4500331 | Security Update | Remote Code Execution | Critical |



To learn more about the vulnerability, go to CVE-2019-0708.
CVE-2019-0708 | Remote Desktop Services Remote Code Execution Vulnerability
Security Vulnerability
Published: 2009/05/14 MITRE CVE-2019-0708

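A remote code execution vulnerability exists in Remote Desktop Services (formerly known as Terminal Services) when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests. This vulnerability is pre-authentication and requires no user interaction. An attacker who successfully exploited this vulnerability could execute arbitrary code on the target system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

To exploit this vulnerability, an attacker would need to send a specially crafted request to the target system's Remote Desktop Services via RDP.

The update addresses the vulnerability by correcting how Remote Desktop Services handles connection requests.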