Windows Remote Desktop Services RCE Vulnerability (CVE-2019-0708)
Daisy has received notification of a critical vulnerability affecting some versions of Windows with Remote Desktop Services implemented; Windows Remote Desktop Services RCE Vulnerability (CVE-2019-0708).
Further information is available from Microsoft, here:
At the time of publication, there are no known exploits for this vulnerability.
- Microsoft Windows – Versions XP to 7
- Microsoft Windows Server – Versions 2003 to 2008 R2
Daisy will deploy patches to customer systems in line with our normal patching policies for Microsoft’s monthly update cycle, for systems for which we have responsibility and where appropriate support is in place. As such, a substantial Windows patching operation is underway across both Daisy’s own and our customers’ compute estates.
Furthermore, we will establish which customers we believe may have Server 2003 or XP to provide additional guidance. Our security and IT teams are working closely with our customer service teams to ensure this is an effective, joined-up approach.
Daisy will continue to follow closely advisories provided by Microsoft and the National Cyber Security Centre (NCSC) regarding this vulnerability, and further updates will be posted here as appropriate.