Oh, then there's the fresh side-channel attack — called "ZombieLoad," complete with website and logo — affecting almost every computer with an Intel chip dating back to 2011. Like the Meltdown and Spectre bugs that caused such a ruckus in early 2018, ZombieLoad takes advantage of modern processors' reliance on speculative execution to run faster and more efficiently. Successfully exploiting ZombieLoad can result in leaking data such as passwords, access tokens, and the websites a user is visiting in real time.
As with Meltdown and Spectre, however, while the scope of the flaw is huge and the potential impact massive, the actual likelihood of attackers leveraging it in the real world is relatively low, especially compared to another vulnerability disclosed on Tuesday that's getting less press.
While it may not have a catchy name or dedicated website, CVE-2019-0708 — a vulnerability in Microsoft's Remote Desktop Services — is arguably THE top vulnerability in this murderers' row of flaws you should be most worried about.
To be clear, all of these vulnerabilities deserve patching, but if you're looking to prioritize, this post will explain why you should start with this one first.
Embedded tweet: "Very important security update for Windows. CVE-2018-0708 allows remote, unauthenticated code execution in RDP (Remote Desktop). A very bad thing you should patch against. Around 3 million RDP endpoints are directly exposed to internet. https://t.co/EAdg3VNMjw"
CVE-2019-0708 is a remote code execution (RCE) vulnerability in Remote Desktop Services that allows an unauthenticated attacker to execute arbitrary code on a target system by sending a specially crafted request via RDP.
Why is it dangerous?
RCEs are never good, but the thing that should really set your Spidey sense tingling is one word in Microsoft's own description of the flaw: "wormable."
"This vulnerability is 'wormable,' meaning that any future malware that exploits this vulnerability could propagate from vulnerable computer to vulnerable computer in a similar way as the WannaCry malware spread across the globe in 2017."
For those with blessedly short memories, the WannaCry ransomware outbreak saw more than 200,000 computers across 150 countries infected with data-encrypting malware, with total damages estimated to be in the billions. The infection cost the UK's National Health Service alone nearly £100m.
WannaCry spread rapidly across systems using an exploit called EternalBlue (purportedly developed by the NSA) that targeted a vulnerability in Microsoft's Server Message Block (SMB) protocol. Like SMB, RDP provides a built-in method of connecting to devices within a network, making it a favorite target for exploitation. Case in point: included in the same group of leaked exploits along with EternalBlue was an exploit called EsteemAudit, which targeted a flaw in Microsoft's handling of RDP.
In fact, there has been a long history of Microsoft security updates related to Remote Desktop Services and RDP, with more than 24 separate CVEs issued since 2002. Criminals have also routinely taken advantage of systems with RDP exposed to the Internet to conduct brute force attacks and infect victims with ransomware and other malware.
Making sure RDP isn't exposed has become standard security 101, yet millions of systems are doing exactly that. The large number of exposed, vulnerable systems combined with the ease of exploitation and the fact that no user interaction is required make this an absolutely critical vulnerability to patch.
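The brute-force activity described above leaves a clear trail in the Windows Security log: a burst of failed-logon events (ID 4625) from a single source address cycling through account names. The script below is an added example, not code from the original post or from NinjaOne; it groups failed logons by source IP inside a sliding time window and flags any source that exceeds a threshold. The threshold and window are illustrative settings, and the sample events are constructed, not real log data. The Get-FailedLogonEvents helper shows how to feed it real events from the Security log (the EventData field names IpAddress, TargetUserName and LogonType are the standard ones in event 4625).

```powershell
# Added example (not from the original post): flag RDP password guessing
# from Windows Security event 4625 (failed logon). Run as an administrator
# to read the Security log with Get-FailedLogonEvents.

function Find-RdpBruteForce {
    param(
        # Objects with Time, SourceIp, User, LogonType properties.
        [Parameter(Mandatory = $true)] [object[]]$Events,
        [int]$Threshold = 10,       # failures from one source IP ...
        [int]$WindowMinutes = 5     # ... inside this many minutes
    )
    # LogonType 10 = RemoteInteractive (classic RDP logon). Failed NLA
    # pre-authentication attempts are recorded as LogonType 3 (Network),
    # so both are counted as RDP-style failures here.
    $rdpLike = $Events | Where-Object { @(3, 10) -contains $_.LogonType } | Sort-Object Time
    $hits = @()
    foreach ($group in ($rdpLike | Group-Object SourceIp)) {
        $times = @($group.Group | ForEach-Object { [datetime]$_.Time })
        $start = 0
        # Two-pointer sliding window over the sorted timestamps of this source.
        for ($end = 0; $end -lt $times.Count; $end++) {
            while (($times[$end] - $times[$start]).TotalMinutes -gt $WindowMinutes) { $start++ }
            if (($end - $start + 1) -ge $Threshold) {
                $hits += New-Object PSObject -Property @{
                    SourceIp  = $group.Name
                    Failures  = $end - $start + 1
                    Users     = ($group.Group | Select-Object -ExpandProperty User -Unique) -join ','
                    FirstSeen = $times[$start]
                    LastSeen  = $times[$end]
                }
                break   # one finding per source is enough
            }
        }
    }
    return $hits
}

function Get-FailedLogonEvents {
    # Reads real 4625 events and flattens the EventData fields the detector needs.
    Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4625 } -ErrorAction SilentlyContinue |
        ForEach-Object {
            $x = [xml]$_.ToXml()
            $d = @{}
            foreach ($n in $x.Event.EventData.Data) { $d[$n.Name] = $n.'#text' }
            New-Object PSObject -Property @{
                Time      = $_.TimeCreated
                SourceIp  = $d['IpAddress']
                User      = $d['TargetUserName']
                LogonType = [int]$d['LogonType']
            }
        }
}

# --- Constructed sample data (not real logs) ---------------------------------
$base   = [datetime]'2019-05-15T03:00:00'
$names  = 'administrator', 'admin', 'backup', 'sqlsvc'
$sample = @()
# Twelve failures in three minutes from one Internet address, rotating usernames.
for ($i = 0; $i -lt 12; $i++) {
    $sample += New-Object PSObject -Property @{
        Time = $base.AddSeconds(15 * $i); SourceIp = '203.0.113.7'
        User = $names[$i % $names.Count]; LogonType = 3
    }
}
# A LAN user mistyping a password twice: should not be flagged.
$sample += New-Object PSObject -Property @{ Time = $base.AddMinutes(1); SourceIp = '10.0.0.25'; User = 'jsmith'; LogonType = 10 }
$sample += New-Object PSObject -Property @{ Time = $base.AddMinutes(2); SourceIp = '10.0.0.25'; User = 'jsmith'; LogonType = 10 }

Find-RdpBruteForce -Events $sample | Format-Table SourceIp, Failures, Users, FirstSeen, LastSeen -AutoSize
# To run against the live log instead:
# Find-RdpBruteForce -Events (Get-FailedLogonEvents) | Format-Table -AutoSize
```

On the sample data only 203.0.113.7 is reported (12 failures across four usernames); the two LAN failures stay below the threshold. A hit from a public address against a host that should not be reachable from the Internet is also the fastest confirmation that RDP is exposed.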
The good news is newer versions of Windows including Windows 8 and Windows 10 are NOT vulnerable.
According to Microsoft, enabling Network Level Authentication (NLA) can provide partial mitigation, though it unfortunately won't help if an attacker has obtained valid credentials (via brute force attack, purchasing them on a dark web marketplace, etc.).
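To turn the advice in this section into a repeatable check, the script below (an added example, not code from the original post or from NinjaOne) audits a Windows host for the conditions that matter here: whether it runs a Windows version in the affected range, whether RDP is enabled and listening, whether NLA is required, and whether one of the fixing updates is installed. With -EnableNLA it also applies the partial mitigation described above. It assumes the standard Terminal Server registry locations; the KB numbers in $PatchKBs are a placeholder that must be filled in from Microsoft's advisory for CVE-2019-0708 for the OS build in question. Run it in an elevated session.

```powershell
# Added example (not from the original post): audit one host for CVE-2019-0708
# exposure and optionally require NLA. Run elevated.
param(
    [switch]$EnableNLA,
    # PLACEHOLDER: replace with the KB numbers Microsoft lists for this OS build.
    [string[]]$PatchKBs = @('KB_PLACEHOLDER')
)

$tsKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdpTcp = "$tsKey\WinStations\RDP-Tcp"

# 1. OS version: the post notes Windows 8 and 10 are not affected, so anything
#    older than kernel 6.2 (Windows 7 / Server 2008 R2 and earlier) is in scope.
$os       = [System.Environment]::OSVersion.Version
$legacyOS = $os -lt [version]'6.2'

# 2. Is RDP enabled? fDenyTSConnections = 0 means connections are allowed.
$rdpEnabled = (Get-ItemProperty -Path $tsKey -Name fDenyTSConnections).fDenyTSConnections -eq 0

# 3. Is NLA required? UserAuthentication = 1 means clients must authenticate
#    before a session is created, which is the partial mitigation Microsoft cites.
$nlaRequired = (Get-ItemProperty -Path $rdpTcp -Name UserAuthentication).UserAuthentication -eq 1

# 4. Which port the listener uses and whether it is actually bound.
$port      = (Get-ItemProperty -Path $rdpTcp -Name PortNumber).PortNumber
$listening = [bool]((netstat -an) -match ":$port\s+\S+\s+LISTENING")

# 5. Is one of the fixing updates installed?
$installed = Get-HotFix | Select-Object -ExpandProperty HotFixID
$patched   = @($PatchKBs | Where-Object { $installed -contains $_ }).Count -gt 0

# Optional mitigation: require NLA and TLS on the listener.
# This does not help against an attacker who already holds valid credentials.
if ($EnableNLA -and -not $nlaRequired) {
    Set-ItemProperty -Path $rdpTcp -Name UserAuthentication -Value 1
    Set-ItemProperty -Path $rdpTcp -Name SecurityLayer      -Value 2   # 2 = TLS
    $nlaRequired = $true
}

$verdict = $(
    if ($legacyOS -and $rdpEnabled -and -not $patched) { 'PATCH NOW: in-scope OS with RDP enabled and no fix installed' }
    elseif ($legacyOS -and -not $patched)              { 'Patch: in-scope OS (RDP currently disabled)' }
    else                                               { 'Not in scope or already patched' }
)

New-Object PSObject -Property @{
    Host        = $env:COMPUTERNAME
    OSVersion   = $os.ToString()
    LegacyOS    = $legacyOS
    RdpEnabled  = $rdpEnabled
    ListenPort  = $port
    Listening   = $listening
    NlaRequired = $nlaRequired
    Patched     = $patched
    Verdict     = $verdict
} | Format-List
```

Two caveats when rolling this out: requiring NLA locks out clients that cannot do CredSSP (very old RDP clients), so test before pushing it fleet-wide, and a host that reports Listening = True is only safe from the Internet if something upstream (firewall, VPN, RD Gateway) is blocking the port, which this host-side check cannot see.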
While patching is the only sure-fire way to address this vulnerability, it's also a good time to ensure you've taken steps to properly secure RDP throughout your client networks. Here are two great resources that can help:
Alert: Wormable Flaw in Remote Desktop Services Could Result in New WannaCry-Like Outbreak. By Jonathan Crowe, NinjaOne, 2023-02-21.