Situation
The critical vulnerability CV3E-2019-0708 affecting Windows Server 2008 and Windows 7.
Problem
This vulnerability allows unauthenticated users to make requests through RDP (remote desktop protocol).
Implication
Unauthenticated actors can exploit this vulnerability to “view, change, or delete data; or create new accounts with full user rights.”
Need
Temporarily disabling RDP is the immediate mitigation for this vulnerability. Updating affected systems is the preferred mitigation. Workarounds include enabling NLA (network level authentications) and/or blocking TCP 3389.
Learn More
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708