ISN 2019-04: RDP Vulnerability in WES7

Announced 7 June 2019

Score: Critical

A security issue in Remote Desktop Services affects IGEL Windows Embedded Standard 7 (WES7) in all versions.

Details

Microsoft has reported a remote code execution vulnerability (CVE-2019-0708, KB4499175) in Remote Desktop Services (formerly known as Terminal Services) affecting many Windows versions up to 7. An unauthenticated attacker can remotely install programs, view, change, or delete data, or create new accounts with full user rights. This requires no user interaction and could therefore be exploited by a worm – this is why this vulnerability scores as critical.

Update instructions

Update all your IGEL Windows Embedded Standard 7 systems to version 3.13.140.

Further information

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708

Last update: December 10, 2019