Technology, Risk & Compliance

In an age of increasing reliance on secure information technology, information security and compliance have become more important in helping customers determine whether security controls are operating as intended and how well their data and intellectual property are protected.

IS YOUR COMPANY STILL RUNNING WINDOWS XP, VISTA, 7, SERVER 2003, SERVER 2008, SERVER 2008R2?

In the May 2019 Patch Tuesday release, Microsoft disclosed a remote code execution vulnerability (CVE-2019-0708) in Remote Desktop Protocol (RDP) – formerly known as Terminal Services. The cyber industry has named this vulnerability BlueKeep. To exploit it, an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests. An attacker who successfully exploits this vulnerability could execute arbitrary code on the target system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. This vulnerability only exists in older Windows operating systems (Windows XP, Vista, 7, Server 2003, Server 2008, Server 2008R2).

Microsoft has released patches for this vulnerability but has also warned that the BlueKeep flaw is “wormable”, similar to EternalBlue’s exploit of the Microsoft SMB protocol vulnerability (CVE-2017-0144). This means that malware can use the vulnerability to spread from system to system by itself, without controller or user intervention.

Here is the patch: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708


©2023 UHY LLP. ALL RIGHTS RESERVED.