Critical vulnerability in Windows OS

June 2019 Cyber Security

Recently, Microsoft released information about a critical vulnerability in the Windows operating system (CVE-2019-0708). This vulnerability allows remote code execution by an attacker directly from the network using the Remote Desktop Protocol (RDP) in remote desktop services that affects older versions of Windows used by many users worldwide. This attack may affect many computers in every sector and industry including finance, healthcare, government, retail, industrials and others.

Key risks

• An arbitrary attacker from the net can carry out a complete takeover of a private PC within public networks, such as Wi-Fi hotspots.

• Embedded devices such as ATMs or IoT devices are most vulnerable for takeover.

• PCs within organisations’ networks are also vulnerable to a takeover using lateral movement within the network.

Why is this important?

As this vulnerability is placed at the pre-authentication stage and does not require any user interaction, it would allow any arbitrary attacker on the internet to execute malicious code on a victim’s private system and allow for a total takeover of a PC within any network, such as Wi-Fi hotspots, public networks and private and corporate networks.

According to Microsoft, in order to exploit this vulnerability, an attacker would have to send a specially tailored request to the target systems’ Remote Desktop Service via RDP. Given the nature of the vulnerability, once a host is infected there is great risk of lateral movement to infect other connected hosts on the same network.

Put another way and to clarify the potential exploitation of this vulnerability, it could be used in a very similar manner as that of the 2017 WannaCry attack that caused catastrophic disruption and sabotage to thousands of organisations across all industries worldwide.

Who is affected?

Those using certain versions of Microsoft Windows 7 and Windows Server 2008 are at risk from this vulnerability. Customers running Windows 8 and Windows 10 are not affected by this vulnerability due to these later versions incorporating more secure updates.

Those most at risk, among others, are those working with embedded devices such as ATMs in the banking sector and IoT devices in the healthcare industry. This is due to older versions of Windows known to be the systems behind these operations as well as them being prized targets for cyber criminals. As a result, since this vulnerability was announced, security professionals in hospitals and banks have been working diligently to patch their systems.

How to protect yourself

1. Block the RDP protocol on Check Point gateway product and endpoint SandBlast agent.

2. If you are using RDP for mission critical systems – configure the Check Point gateway and endpoint product to accept connections only from trusted devices within your network.

3. Disable RDP on your Windows PC and servers (unless used internally) and deploy the Microsoft patch.

Currently, while Check Point researchers are investigating this vulnerability and monitoring any relevant activity in the wild, we recommend all IT professionals to deploy Microsoft patches according to the MS Security Update Guide.




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Where are your crown jewels?
June 2019, Wolfpack Information Risk , Commercial (Industry), Cyber Security, Security Services & Risk Management
Understanding what data they store and analyse is gaining increasing urgency for organisations that are now accountable to new(ish) privacy regulations such as the GDPR and our PoPIA.

Read more...
Axis 7th generation ARTPEC chip
June 2019, Axis Communications SA , Editor's Choice, CCTV, Surveillance & Remote Monitoring, Cyber Security
Axis has launched its 7th generation ARTPEC chip, optimised for network video, to improve all the signature Axis technologies created to address difficult light conditions.

Read more...
Password awareness critical
June 2019, Kaspersky Lab , Cyber Security, Security Services & Risk Management
A recent study revealed that digital identity data and information holds significant value to cybercriminals – who craft ways of gaining this data and exploit it on the dark Web for as little as $50.

Read more...
Redstor rescues vets hit by ransomware attack
June 2019 , Cyber Security, Healthcare (Industry)
Redstor, a provider of data management solutions, has come to the rescue of a vet hit by a ransomware attack.

Read more...
Kaspersky Lab to open office in Kigali, Rwanda
June 2019, Kaspersky Lab , News, Cyber Security
Kaspersky Lab has announced plans to open a new office in Kigali, Rwanda, to support the rapid growth of its business in East Africa.

Read more...
SIM swap fraud expands
June 2019 , News, Cyber Security, Financial (Industry)
A new wave of attacks targeting financial services and online services have become very common in South Africa and the wider region.

Read more...
Tackling the insider threat
June 2019, Secnovate , News, Cyber Security
Secnovate and its strategic partner, Condyn, has run a series of executive briefings on insider threats, which represents a growing and important threat vector for all organisations, big and small.

Read more...
Netgear Armor on Orbi Wi-Fi
June 2019, Duxbury Networking , Home Security, Cyber Security, IT infrastructure
Netgear has announced the worldwide availability of Netgear Armor Cyber Threat Protection, powered by Bitdefender, on Orbi Wi-Fi mesh systems, to protect home IT and IoT devices.

Read more...
Six best practices for creating secure passwords
June 2019 , Home Security, Cyber Security
Passwords are like toothbrushes: you want to choose a good one, never share it, and replace it quarterly.

Read more...
Malicious mobile banker packages circulating online grew by 58%
June 2019, Kaspersky Lab , Cyber Security
Mobile banking Trojans usually steal funds directly from mobile users’ bank accounts and there has been a rise in the number of these apps in circulation.

Read more...