Microsoft releases a critical patch to address vulnerabilities in RDS. An attacker can execute arbitrary code on the target system which allows installation of new software, read/write privileges as well as the possibility to delete content on the affected system. It also allows the creation of new accounts with admin privileges. Microsoft issued patches for Windows Server 2008/2008 R2 and OS Windows 7 but also for End-of-Life Windows Server 2003 and OS Windows XP. If the system stays unpatched this vulnerability can be spread as Ransomware WannaCry, from one device to another.
National CERT urges users to apply the available update in order to avoid misuse of their system.
For more details please visit: CVE-2019-0708