CVE-2019-0708 Microsoft CVE debrief

Who should care

Security teams, Windows administrators, endpoint and infrastructure owners, and incident responders responsible for systems exposing Microsoft Remote Desktop Services.

Technical summary

The available official records identify this as a Microsoft Remote Desktop Services remote code execution issue. CISA’s KEV entry marks it as known exploited and associates it with known ransomware campaign use. The KEV remediation note is to apply vendor updates.

Defensive priority

High. This is a known exploited vulnerability in CISA KEV, which typically warrants prompt patching and exposure review across all affected systems.

Recommended defensive actions

• Apply Microsoft updates per vendor instructions as referenced by CISA KEV.
• Inventory systems running or exposing Microsoft Remote Desktop Services.
• Prioritize patching and remediation for internet-facing or business-critical hosts first.
• Review remote access pathways and reduce unnecessary exposure where possible.
• Confirm that vulnerable systems are included in vulnerability management and patch verification workflows.

Evidence notes

All statements are limited to the supplied official corpus: CISA KEV lists the vulnerability as Microsoft Remote Desktop Services Remote Code Execution Vulnerability, marks known ransomware campaign use as "Known," and directs defenders to apply updates per vendor instructions. The resource links provided are the official CVE record, NVD detail page, CISA KEV catalog, and the source KEV JSON feed.

Official resources