ForexVPS.net Logo

Close Forex VPS Plans Dedicated Server Free Forex VPS Broker Latency

Microsoft Remote Desktop Services Remote Code Execution Vulnerability – CVE-2019-0708

Microsoft has announced a critical Remote Desktop Protocol (RDP) security vulnerability. RDP on Microsoft Server 2008/2008 R2 and Windows 7 are affected. Microsoft has also issued patches for End-of-Life operating systems Windows Server 2003 and Windows XP.

An unauthenticated attacker can exploit this vulnerability by connecting to the target system using the Remote Desktop Protocol (RDP) and sending specially crafted requests. This vulnerability is pre-authentication and requires no user interaction.

The RDP NLA (network level authentication) security setting mitigates this vulnerability from unauthenticated external attackers and it is the default for our Windows VPS. However, some clients may have disabled NLA.

The RDP NLA security setting can be found by going to the following location in Windows.

Control Panel > System > Remote settings > allow remote connections to this computer > [check] allow connections only from computers running Remote Desktop with Network Level Authentication (recommended)

All Windows VPS clients are recommended to update their VPS as soon as possible as well as double check to ensure the RDP NLA higher security setting is enabled.

Windows VPS can be updated by going to “Control Panel > Windows Update”.

References

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708
https://blogs.technet.microsoft.com/msrc/2019/05/14/prevent-a-worm-by-updating-remote-desktop-services-cve-2019-0708/

Copyright © 2013-2020 ThinkHuge Ltd. dba ForexVPS.net. | Address: 1301 Bank of America Tower, 12 Harcourt Road, Central, Hong Kong 1000 | Terms | Privacy Policy
Caution: Trading involves the possibility of financial loss. Only trade with money that you are prepared to lose, you must recognise that for factors outside your control you may lose all of the money in your trading account. Many forex brokers also hold you liable for losses that exceed your trading capital. So you may stand to lose more money than is in your account. ForexVPS.net does not guarantee the profitability of trades executed on its systems. We have no knowledge on the level of money you are trading with or the level of risk you are taking with each trade. You must make your own financial decisions, we take no responsibility for money made or lost as a result of using our servers or advice on forex related products on this website.