This advisory is provided as a courtesy.
We would like to bring to your attention a newly discovered vulnerability affecting Remote Desktop Services / Terminal Services on the older Windows Server 2008 OS, as well as the Windows 7 workstation OS. This vulnerability allows an unauthenticated attacker to connect to the target system using RDP and send specially crafted requests to gain full access to the target system.
Impact
Upon successful exploitation of this vulnerability, the attacker can execute arbitrary code on the target system, which allows the attacker to install programs; view, change, or delete data; or create new accounts with full user rights.
Affected OS
- Windows Server 2008
- Windows 7 (OS for workstations)
Newer versions of Windows are NOT affected:
- Windows Server 2012 R2
- Windows Server 2016
- Windows Server 2019
How to Fix the Problem
To ensure that your Windows Server 2008 servelets (and your Windows 7 workstations, if any) are not vulnerable, please run Windows Update to install all the critical updates and patches. Restart your servelets / workstations once all the updates have been installed.
More information
CVE-2019-0708 | Remote Desktop Services Remote Code Execution Vulnerability
Vulnerability Details : CVE-2019-0708
Request Assistance
We can perform Windows Update on your Windows Server 2008 servelets at a one-time discounted fee of $45. Please submit your order at Order -> Additional Services -> WINDOWS: HTTP.sys; Schannel; Freak Attack (Win) - $45.
Alternatively, please open a support ticket first and give us the hostname, IP address and OS template. You can find this information on your servelet's control panel.
For example:
Hostname: yourservelethostname
IP Address: 103.25.202.81
OS Template: Windows Server 2008
Thank you.