MilkChan Posted July 21, 2021

Sorry, I'm not good at English. I'm starting to wonder about this vulnerability because I found the published document. If I continue to use Windows XP on my laptop, because it is used to play old games and some software that doesn't work on Windows 10, I'm really worried about this problem.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2019-1489

Tripredacus Posted July 21, 2021

This CVE indicates that the attacker would connect into the computer using RDP and then run a program. How to handle this would depend if you are using RDP or not. If not, you can disable it and while the exploit would still exist, the ability to use it would not.

MilkChan Posted July 21, 2021 (Author)

Tripredacus: Thanks for helping me and for how to deal with it. Because I use RDP too, I will do as you suggested by turning off RDP.

Tripredacus Posted July 21, 2021

If you do have to use RDP then there are some mitigations. First you have to know that this would be something that would happen in an attack on a high value target. Because the attacker would need to know this information:
- the IP or identifier of your computer
- the username and password

If the computer is not connected directly to the internet or in a DMZ, it is less likely to be found.

What you can do if you want to use RDP (may need XP Pro or use other methods to do this on Home):
- do not have Guest account enabled. If you are hosting network shares, you'll need to set an account for authentication.
- create a new user group, this group should not have admin access but does have RDP access.
- create a new user that is not admin, add it to that group.
- set RDP to only allow logins from that user group.

There are other ways to handle it.

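The steps in the post above, written as commands for an Administrator command prompt on XP Pro (an added example, not part of the thread). The account name `rdpuser` is hypothetical, and the built-in `Remote Desktop Users` group stands in here for the new group the post describes.

```bat
@echo off
rem Added example, not from the thread. Run as a local administrator.
rem RDPUSER is a hypothetical account name chosen for this example.
rem RDPGROUP is the built-in group, used here in place of a newly created one.
set RDPUSER=rdpuser
set RDPGROUP=Remote Desktop Users

rem Show whether RDP is currently refused (1 = connections denied, 0 = allowed).
reg query "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections

rem Step 1: make sure the Guest account is disabled.
net user Guest /active:no || goto :fail

rem Step 2: create a non-admin account. The * prompts for the password,
rem so it is never stored in this script or in the command history.
net user %RDPUSER% * /add || goto :fail

rem Step 3: give only that account RDP access through the group.
net localgroup "%RDPGROUP%" %RDPUSER% /add || goto :fail

rem Step 4: review the result. The group should list only accounts you expect.
net localgroup "%RDPGROUP%"

rem The new account must not be an administrator (substring match on the name).
net localgroup Administrators | find /i "%RDPUSER%" >nul
if not errorlevel 1 echo WARNING: %RDPUSER% appears in the Administrators group.

rem If RDP is not needed at all, refuse connections instead (uncomment to apply):
rem reg add "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 1 /f

echo Done.
goto :eof

:fail
echo A step failed. Check that this prompt is running as an administrator.
exit /b 1
```
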
MilkChan Posted July 21, 2021 (Author)

10 minutes ago, Tripredacus said:
> If you do have to use RDP then there are some mitigations. First you have to know that this would be something that would happen in an attack on a high value target. Because the attacker would need to know this information:
> - the IP or identifier of your computer
> - the username and password
>
> If the computer is not connected directly to the internet or in a DMZ, it is less likely to be found.
>
> What you can do if you want to use RDP (may need XP Pro or use other methods to do this on Home):
> - do not have Guest account enabled. If you are hosting network shares, you'll need to set an account for authentication.
> - create a new user group, this group should not have admin access but does have RDP access.
> - create a new user that is not admin, add it to that group.
> - set RDP to only allow logins from that user group.
>
> There are other ways to handle it.

Thank you for helping me today. I'm currently creating an account like you suggested.

dmiranda Posted July 29, 2021

RDP, IE, WMP... no go. The first things to disable/cripple. IMHO.