RSS Feed
News
May
14

[Update, Wed May 15 03:21:50 MDT 2019] All reboots for emergency updates are complete. We will be reaching
out to those with fully managed services and their own Active Directory domains separately in the morning. It is highly
recommended that all clients using Windows server 2003-2008R2 on self-managed hosts push through the updates securing a
gainst CVE-2019-0708 ASAP.

[Update, Wed May 15 01:38:19 DST 2019]   While all updates were initiated by the deadline, several are still completing.  Reboots may extend into the next couple of hours, but will be over before business hours, MDT. 

Date: 
 May 14, 2019
Time:  9:30PM MDT - 11:30PM MDT


Purpose of Work:
A pre-authentication vulnerability targeting Remote Desktop Protocol in servers running Windows Server 2008 R2 or older has been discovered that allows for Remote Code Execution.

Because the vulnerability requires absolutely no authentication, it could be spread rapidly within a network via use of 'Worm' style malware, at which point the exploiter would effectively have full control of all infected hosts.

Due to the ease of exploitation, and the impact of exploitation, we will be patching and rebooting all affected, fully-managed hosts overnight.

You can read more about the exploit (and patches mitigating it), here: https://blogs.technet.microsoft.com/msrc/2019/05/14/prevent-a-worm-by-updating-remote-desktop-services-cve-2019-0708/

Impact of Work:
Windows 2003 hosts on our domain will be rebooted immediately to propagate a manual update, and 2008 / 2008 R2 hosts on our domain will be scheduled to reboot later tonight, after installing the updates automatically.

Any hosts not on our fully-managed domain (usually because they have their own domain) will not be impacted; the controlling organizations will be notified separately.


Please contact us with any questions / comments / concerns.


Comments (0)
Post a new comment
 
 
Full Name:
Email:
Comments:
CAPTCHA Verification 
 
Please enter the text you see in the image into the textbox below (we use this to prevent automated submissions).