Jump to content
MSFN is made available via donations, subscriptions and advertising revenue. The use of ad-blocking software hurts the site. Please disable ad-blocking software or set an exception for MSFN. ×

Is anyone aware of this vulnerability on Windows XP? (CVE-2019-1489)


tpao12
 Share

Recommended Posts

Sorry, I'm not good at English. I'm starting to wonder about this vulnerability. because I found the published document 

If I continue to use Windows XP in my laptop because it is used to play old games and some software

that doesn't work on Windows 10, I'm really worried about this problem.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2019-1489

Link to comment
Share on other sites


This CVE indicates that the attacker would connect into the computer using RDP and then run a program.

How to handle this would depend if you are using RDP or not. If not, you can disable it and while the exploit would still exist, the ability to use it would not.

  • Like 1
Link to comment
Share on other sites

 Tripredacus Thanks for helping me and how to deal with it, because I use RDP too, will do as you suggested by turning off RDP.

Link to comment
Share on other sites

If you do have to use RDP then there are some mitigations. First you have to know that this would be something that would happen in an attack on a high value target. Because the attacker would need to know this information:
- the IP or identifier of your computer
- the username and password

If the computer is not connected directly to the internet or in DMZ, it is less likely to be found. What you can do if you want to use RDP (may need XP Pro or use other methods to do this on Home) :

- do not have Guest account enabled. If you are hosting network shares, you'll need to set an account for authentication.
- create a new user group, this group should not have admin access but does have RDP access.
- create a new user that is not admin, add it to that group.
- set RDP to only allow logins from that user group.

There are other ways to handle it.

Link to comment
Share on other sites

10 minutes ago, Tripredacus said:

If you do have to use RDP then there are some mitigations. First you have to know that this would be something that would happen in an attack on a high value target. Because the attacker would need to know this information:
- the IP or identifier of your computer
- the username and password

If the computer is not connected directly to the internet or in DMZ, it is less likely to be found. What you can do if you want to use RDP (may need XP Pro or use other methods to do this on Home) :

- ไม่ได้เปิดใช้งานบัญชี Guest ไว้ ถ้าคุณกําลังโฮสต์เครือข่ายที่ใช้ร่วมกัน คุณจะต้องตั้งค่าบัญชีผู้ใช้สําหรับการรับรองความถูกต้อง
กลุ่มนี้ไม่ควรมีสิทธิ์การเข้าถึงระดับผู้ดูแลระบบ แต่มีการเข้าถึง RDP
- สร้างผู้ใช้ใหม่ที่ไม่ใช่ผู้ดูแลระบบ ให้เพิ่มผู้ใช้นั้นลงในกลุ่มนั้น
- ตั้งค่า RDP ให้อนุญาตเฉพาะล็อกอินจากกลุ่มผู้ใช้นั้นเท่านั้น

มีวิธีอื่นในการจัดการ

Thank you for helping me today.  I'm currently creating an account like you suggested. :worship:

Link to comment
Share on other sites

  • 2 weeks later...

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    No registered users viewing this page.


×
×
  • Create New...