23 years
97.9 Customer Satisfaction Score
200k Tickets Closed
83% resolved remotely
97% Resolved within SLA Goal

Impacted Systems:

  • Windows Server 2003
  • Windows XP
  • Windows7
  • Windows Server 2008

Nonimpacted Systems:

  • Windows 10
  • Windows Server 2016
  • Windows Server 2019

If you are still using Windows Server 2003 or XP, Windows 7, Windows 2008 R2, or Windows 2008 you could be in trouble. A wormable virus may be coming your way. The virus is designated as CVE-2019-0708.

CVE-2019-0708

This means that the virus can get into your system without you doing anything like clicking a malicious link. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights without your knowledge.

What Should You Do?

Microsoft has released a critical update for their Remote Desktop Services that impacts multiple Windows versions. The patches are for devices and systems that are both in and out-of-support, which is rare for Microsoft to do. This shows the importance of these patches.

The update addresses the vulnerability by correcting how Remote Desktop Services handles connection requests. To apply the patches, go to the Microsoft Security Update Guide for in-support systems and KB4500705 for out-of-support systems.

Note: Clients & Customers on a valid managed services agreement are being taken care of and there is no immediate action for any computer, server or other devices under a valid managed services agreement.

Microsoft recommends that customers running one of these operating systems download and install the update as soon as possible.

Does This Mean Even Systems Without Support Can Get The Patch?

Yes, Microsoft is aware that some customers are running versions of Windows that no longer receive mainstream support. This means that you wouldn’t have received any security updates to protect your systems from the CVE-2019-0708 virus.

Given the potential impact on customers and their businesses, Microsoft decided to make security updates available for platforms that are no longer in mainstream support.

All Windows updates are available from the Microsoft Update Catalog.

What Should We Do Before We Apply The Update?

It’s recommended that you back up all of your important data first. If you have a reliable backup, if the patch creates problems you can still access your data. You should do this before you install any patches.

What If We Can’t Apply The Patches?

If you can’t apply the patch for your system there are other things that you can do:

  • If you don’t need the Remote Desktop Services, you can disable it.
  • Block the TCP port 3389 (this prevents unauthorized requests from the Internet).
  • Enable NLA (Network Level Authentication) for Windows 7 and Windows Server 2008.

Of course, the best thing to do is to contact your local IT services company. They’ll know exactly what to do.

What Is A Wormable Virus?

This means that any future malware that uses this vulnerability could propagate from one vulnerable computer to another. This is how similar malware like WannaCry spread around the world. Experts are worried that this flaw could be used to fuel a fast-moving malware threat like the WannaCry ransomware attacks of 2017.

Here’s what Simon Pope, director of incident response for the Microsoft Security Response Center tells us:

“This vulnerability is pre-authentication and requires no user interaction,” Pope said. “In other words, the vulnerability is ‘wormable,’ meaning that any future malware that exploits this vulnerability could propagate from vulnerable computer to vulnerable computer in a similar way as the WannaCry malware spread across the globe in 2017. It is important that affected systems are patched as quickly as possible to prevent such a scenario from happening.”

Have There Been Any Attacks Yet?

Microsoft said they haven’t found evidence of attacks against this dangerous security flaw. But one could happen at any time. Right now they are trying to prevent a serious, imminent threat with these patches.

Simon Pope goes on to say:

“While we have observed no exploitation of this vulnerability, it is highly likely that malicious actors will write an exploit for this vulnerability and incorporate it into their malware.”

What Does The Microsoft Remote Desktop Do?

You use the Microsoft Remote Desktop application to connect to a remote PC or virtual apps and desktops made available by your admin. You can control your desktop computer and all of its contents from another computer.

The app lets you connect to your desktop from wherever you are. The access to the remote desktop happens over the Internet or via another network. It lets you interact as if you were physically working from your desktop.

The Remote Desktop application also gives the “master” computer access to all of the contents on the remote computer.

What Else Should We Know?

If you had updated from Windows 7 to Windows 10 or from Windows Servers 2008/2008 R2 to Windows Server 2016 or 2019, you wouldn’t need to worry. This is why it’s essential to keep your systems up to date.

Soon, on January 14, 2020, support will come to an end for all Windows Server 2008, 2008 R2 equipment and the Windows 7 operating system.

If you’re still using these servers or operating system, it’s crucial to replace them now so that there’s no disruption to your daily operations or loss of data.

Any hardware or software product that reaches its end of life is a potential gateway for hackers to enter through. In addition to the security hazard, there are other reasons why it isn’t a good idea to keep using old equipment such as unresolvable outages.

Where Can We Get Help?

Contact us to ensure your Microsoft desktops and servers are secure and protected from unauthorized intrusions.

Schedule your No-Obligation IT Assessment with Palindrome Consulting

Schedule Now

Elizabeth Mitrani
Elizabeth Mitrani
17:23 06 Aug 19
Palindrome Consulting was key in establishing my business and helps me keep it running. They are the consummate... professionals, incredibly knowledgeable and are always available to help. They have gone above and beyond to ensure that I was up and running quickly and that any issues that may arise on my end or dealt with immediately. I highly recommend Palindrome Consulting.read more
Moshe Rubinstein
Moshe Rubinstein
14:57 28 Jun 19
They are there every step of the way. Responsive and timely. The full service mentality mixed with the problem solving... abilities, is what makes them an easy choice.read more
Benjamin Wainberg
Benjamin Wainberg
14:09 28 Jun 19
Palindrome Consulting is customer centric. For Palindrome Data Safety is paramount; they keep their and our systems... updated with the newest technologies and are not shy at changing to better alternatives. Their platforms are always running and in the odd case there is an event, their technical team has an awesome response time.read more
Copier Man
Copier Man
13:56 28 Jun 19
We have been using Palindrome since 2005. They make my company feel like we are #1 all the time. Expert staff are... always available to help all my users all around the country.read more
Martin Feldman
Martin Feldman
16:43 26 Jun 19
As a partner in Fischer & Feldman, P.A. we have utilized Palindrome Consulting as our IT experts for many years. In... addition to keeping our server up and running, they are available to consult on the everchanging cloud and web landscape. We could not function as a successful law firm without their constant care, attention and almost IMMEDIATE RESPONSE TIME.read more
Rebecca Fischer
Rebecca Fischer
16:39 26 Jun 19
Palindrome has been my IT company for more than 15 years. We have been through four server and computer replacements... over the years all of which went smoothly. As technology has changed Palindrome has kept us current in their recommendations and are extremely responsive when we run into a software or hardware problem. We have been through hurricanes with Palindrome and felt confident they would have us up and running as quickly as possible and despite the fact we are probably a smaller client, they have treated us as one of their most important clients. I highly recommend Palindrome and have complete confidence in their capabilities and service. They have even gone the extra mile when we wanted to donate our old computers to a children's special needs school and delivered the computers, set them up and provided service for the same. Ilan Sredni is the consummate professional and has surrounded himself with top professionals and skilled technicians.read more
Nelson T
Nelson T
20:32 25 Jun 19
Palindrome Consulting has proven itself time and time again to be the epitome of professionalism and technical... expertise. They take the time to listen to your needs and then apply their wealth of technical knowledge to create truly innovative and robust solutions. They truly deliver piece of mind.read more
Next Reviews
js_loader