
Cyber attacks are more common than ever in our internet-driven world. Our approach to cybersecurity utilizes a 360º view that includes people, processes, and technology.

IS YOUR COMPANY STILL RUNNING WINDOWS XP, VISTA, 7, SERVER 2003, SERVER 2008, SERVER 2008R2?

July 2, 2019

In the May 2019 Patch Tuesday release, Microsoft disclosed that a remote code execution vulnerability (CVE-2019-0708) exists in Remote Desktop Protocol (RDP), formerly known as Terminal Services. The cyber industry has named this vulnerability BlueKeep. To exploit it, an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests. An attacker who successfully exploits this vulnerability could execute arbitrary code on the target system. The attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. This vulnerability exists only in older Windows operating systems (Windows XP, Vista, 7, Server 2003, Server 2008, Server 2008R2).

Microsoft has released patches for this vulnerability but has also warned that the BlueKeep flaw is “wormable”, similar to EternalBlue’s exploit of the Microsoft SMB protocol vulnerability (CVE-2017-0144). This means that malware can use the vulnerability to spread from system to system by itself, without controller or user intervention.

Here is the patch: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708

©2020 UHY LLP. ALL RIGHTS RESERVED.