Windows XP Patch Available for Remote Desktop Services Remote Code Execution Vulnerability

Archive
1

If you are running Windows XP or Windows Server 2003, you should download and install a patch that Microsoft has just released to patch a Remote Desktop Services Remote Code Execution Vulnerability.  The threat is serious enough that Microsoft has elected to make this update available for systems that are no longer otherwise supported. 

https://support.microsoft.com/en-us/help/4500705/customer-guidance-for-cve-2019-0708

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708

2

The details for Security Update 2032 on the Symantec Security Response site show that protection for this CVE-2019-0708 vulnerability was added to Intrusion Prevention (IPS) definition set v20190522.061 on 22-May-2019.  I checked my security history and confirmed I received this IPS definition that same day.

NS v22_15_2 IPS Def Set v20190522_061 CVE-2019-0708 22 May 2019.png ----------
32-bit Vista Home Premium SP2 * Firefox ESR v52.9.0 * Norton Security Deluxe v22.15.2.22

3

Just a heads up that Vista SP2 is also affected by this vulnerability, but Microsoft has not posted a patch on the Microsoft Update Catalog that specifically targets Vista SP2 as they did for Win XP SP3.  Note that Remote Desktop Services (RDS) is known as Terminal Services in older operating systems like Vista SP2.

The Microsoft support article Customer Guidance for CVE-2019-0708 | Remote Desktop Services Remote Code Execution Vulnerability: May 14, 2019 was revised on 23-May-2019 and now recommends that Vista SP2 users apply the KB4499180 (the May 2019 Windows Server 2008 "Security Only" update) to patch this vulnerability, but several Vista SP2 users are reporting BSODs, update failures, antivirus crashes and other problems after applying KB4499180 - see comments in the AskWoody.com thread MS-DEFCON 3: Get Windows XP, Win7 and Associated Servers Patched.  The released notes for KB4499180 at May 14, 2019—KB4499180 (Security-Only Update) notes that "Microsoft strongly recommends you install the latest servicing stack update (SSU) for your operating system before installing the latest Rollup" and there's also some confusion whether KB4493730 (the April 2019 Windows Server 2008 SSU) should be installed before KB4499180 on both Windows Server 2008 and Vista SP2 OSs.

While I'm waiting for further feedback, I've ensured that Remote Assistance (Control Panel | System and Maintenance | System | Remote Settings) is disabled, and when I checked the status of Port 3389 at https://www.grc.com/port_3389.htm by clicking Probe THIS Port as suggested <here> by GoneToPlaid my status is reported as Stealth (the preferred status according to https://www.grc.com/su/portstatusinfo.htm).

----------
32-bit Vista Home Premium SP2 * Firefox ESR v52.9.0 * Norton Security Deluxe v22.15.2.22