Cyber Alert: Microsoft Windows Security Vulnerability
Updated: Feb 25
BOXX wants to alert you to a new computer flaw, identified by Microsoft as 'CVE-2019-0708', that affects some older versions of Microsoft Windows.
Vulnerable systems at risk include Windows 7, Windows Server 2008 R2, Windows Server 2008, Windows 2003 and Windows XP, and the flaw is believed to potentially affect over 1 million devices.
If your clients use any of the above operating systems, we believe this vulnerability may pose a significant risk to their computer systems. Malware that exploits this type of vulnerability could propagate from computer to computer by replicating copies of itself without the need for a host program or human interaction. A good example of malware that spread in a similar way is WannaCry, which spread across the globe in 2017, infecting over 200,000 computers in a couple of days.
Microsoft has released an update which fixes the vulnerability and strongly advises that all affected systems should be updated as soon as possible.
Your clients can find more information on the vulnerability and download the security update from Microsoft’s website: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708 *
At BOXX, we are committed to helping all our brokers and their customers reduce their cyber risk, and therefore we strongly recommend you share this communication following Microsoft’s advice.
If your clients have any questions about this vulnerability or how to apply the update, they will need to contact their preferred IT service provider.
*If you are uncomfortable clicking on the link above, simply enter the term ‘Microsoft CVE-2019-0708’ using your preferred web search provider.
Frequently Asked Questions
What is CVE-2019-0708? CVE (Common Vulnerabilities and Exposures) is a list of publicly disclosed cyber security vulnerabilities and exposures. CVE-2019-0708 is a severe vulnerability in a feature called RDP found in older versions of Windows.
What is RDP? RDP (Remote Desktop Protocol) is a standard feature of older versions of Windows that allows a user to log on remotely to another Windows machine. It's commonly used to connect to servers or other workstations located remotely (either in a data centre or another office location).
Which versions of Windows are affected? The full list of affected versions is here: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708, which includes Windows 7, Windows Server 2008 R2, Windows Server 2008, Windows 2003 and Windows XP.
How serious is this? All vulnerabilities are ranked on the CVE scale of 1-10. This vulnerability is a 9.8 on the scale, so it is deemed very serious. It also requires no user interaction or password to enter a system. An attacker who has successfully exploited this vulnerability would have complete access to a compromised system.
Is there currently an exploit for this vulnerability? At present a number of security research companies claim to have a working exploit for this, but none of them have released it. However, the well-respected SANS Institute in the US published guidance a week ago that stated “exploit development is active, and I don't think you have more than a week.”
How does my client check which version of Windows they're running? Microsoft provides a simple tool built into every version of Windows to check. Here are their instructions on how to run it: https://support.microsoft.com/en-gb/help/13443/windows-which-version-am-i-running
What does ‘wormable’ mean? This term means that malware exploiting this vulnerability could propagate from vulnerable computer to vulnerable computer by replicating copies of itself without the need for a host program or human interaction. A good example of a computer worm is the WannaCry malware, which spread across the globe in 2017, infecting over 200,000 computers in a couple of days and having a significant impact on services at a number of high-profile organisations.
What happens if the new security update isn't installed? If your client doesn't install the new security patch, their Windows system, and eventually their entire network, is at risk of being exploited. This vulnerability is the most severe type, which would allow an attacker to run their code on your client's machine. This means the attacker can steal your client's data, use their machine(s) to attack other companies, or wipe and/or disable their machine(s).
How does my client apply the update? Follow Microsoft’s instructions here: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708. We strongly suggest your client applies the update on a test or less critical service before rolling it out more widely.
What should clients do if they have a Mac? Mac computers are not affected by this particular vulnerability, but we would encourage you to keep all devices patched and up to date.