Microsoft Remote Desktop Services Remote Code Execution Vulnerability (CVE-2019-0708)

Microsoft released a security patch to a Remote Code Execution(RCE) vulnerability. The vulnerability exists in Remote Desktop Services (RDS) and is rated critical.

How it is exploited?

An attacker could exploit this vulnerability by sending a specially crafted request to systems running RDS via Remote Desktop Services (RDP), tricking it into executing the arbitrary code. This vulnerability requires no user interaction. The exploit code can also automatically
replicate themselves and cause widespread damage.

Damage:

Successful exploitation of this vulnerability could allow attackers to take control of the affected system and perform malicious activities,
including modifying and installing programs; view, change, or delete data; or create new accounts with full user rights.

Affected Operating Systems:

Windows XP
Windows 7
Windows Server 2003
Windows Server 2008
Windows Server 2008 R2

Recommendations:

Apply the security updates immediately.