Microsoft Remote Desktop Services Remote Code Execution Vulnerability – CVE-2019-1181, CVE-2019-1182, CVE-2019-1222, and CVE-2019-1226

Microsoft has announced a set of critical Remote Desktop Protocol (RDP) security vulnerabilities. RDP on Microsoft Server 2008/2012, Windows 7 and newer versions of Windows is affected.

An unauthenticated attacker can exploit this vulnerability by connecting to the target system using the Remote Desktop Protocol (RDP) and sending specially crafted requests. This vulnerability is pre-authentication and requires no user interaction.

The RDP NLA (Network Level Authentication) security setting mitigates this vulnerability against unauthenticated external attackers, and it is enabled by default on our Windows VPS. However, some clients may have disabled NLA.

The RDP NLA security setting can be found by going to the following location in Windows.

Control Panel > System > Remote settings > allow remote connections to this computer > [check] allow connections only from computers running Remote Desktop with Network Level Authentication (recommended)

We recommend that all Windows VPS clients update their VPS as soon as possible and double-check that the higher-security RDP NLA setting is enabled.

Windows 2008/2012 VPS can be updated by going to “Start > Control Panel > Windows Update”.
Windows 2016/2019 VPS can be updated by going to “Start > Settings > Update & Security”.

References:

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1181
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1182
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1222
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1226
https://msrc-blog.microsoft.com/2019/08/13/patch-new-wormable-vulnerabilities-in-remote-desktop-services-cve-2019-1181-1182/

Microsoft Remote Desktop Services Remote Code Execution Vulnerability – CVE-2019-0708

Microsoft has announced a critical Remote Desktop Protocol (RDP) security vulnerability. RDP on Microsoft Server 2008/2008 R2 and Windows 7 is affected. Microsoft has also issued patches for the End-of-Life operating systems Windows Server 2003 and Windows XP.

An unauthenticated attacker can exploit this vulnerability by connecting to the target system using the Remote Desktop Protocol (RDP) and sending specially crafted requests. This vulnerability is pre-authentication and requires no user interaction.

The RDP NLA (Network Level Authentication) security setting mitigates this vulnerability against unauthenticated external attackers, and it is enabled by default on our Windows VPS. However, some clients may have disabled NLA.

The RDP NLA security setting can be found by going to the following location in Windows.

Control Panel > System > Remote settings > allow remote connections to this computer > [check] allow connections only from computers running Remote Desktop with Network Level Authentication (recommended)

We recommend that all Windows VPS clients update their VPS as soon as possible and double-check that the higher-security RDP NLA setting is enabled.

Windows VPS can be updated by going to “Control Panel > Windows Update”.
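
The NLA check described in both RDP advisories above can also be done from an elevated PowerShell prompt on the VPS. The script below is an added example, not a tool supplied by FXVM or Microsoft; the function names are our own, and it only reads the standard Terminal Server registry values, including the Group Policy value that overrides the Control Panel checkbox when it is set.

```powershell
# Added example: report whether Network Level Authentication (NLA) is enforced for RDP.
# Read-only; it changes nothing. Function names are hypothetical helpers.

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or the value does not exist.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { return $item.$Name }
    return $null
}

function Get-RdpNlaStatus {
    $ts     = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    $tcp    = "$ts\WinStations\RDP-Tcp"
    $policy = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'

    $deny  = Get-RegValue $ts     'fDenyTSConnections'   # 0 = RDP connections allowed
    $local = Get-RegValue $tcp    'UserAuthentication'   # 1 = NLA required (the checkbox)
    $gpo   = Get-RegValue $policy 'UserAuthentication'   # Group Policy value, wins if present

    # The policy value, when configured, takes precedence over the local setting.
    $effective = if ($null -ne $gpo) { $gpo } else { $local }

    # Most recent installed update, to confirm the VPS has actually been patched lately.
    $lastFix = Get-HotFix | Sort-Object InstalledOn -Descending | Select-Object -First 1

    New-Object PSObject -Property @{
        RdpEnabled     = ($deny -eq 0)
        NlaRequired    = ($effective -eq 1)
        SetByPolicy    = ($null -ne $gpo)
        LastHotFixId   = $lastFix.HotFixID
        LastHotFixDate = $lastFix.InstalledOn
    }
}

$status = Get-RdpNlaStatus
$status | Format-List
if ($status.RdpEnabled -and -not $status.NlaRequired) {
    Write-Warning 'RDP is enabled without NLA. Re-enable the NLA checkbox and install pending updates.'
}
```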

References

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708
https://blogs.technet.microsoft.com/msrc/2019/05/14/prevent-a-worm-by-updating-remote-desktop-services-cve-2019-0708/

Windows 2016 is now available

Windows 2016 is now available for ordering! If you are interested in a Microsoft Windows 2016 based VPS head over to the order page > https://fxvm.net/en/forex-vps-hosting

Windows CredSSP Remote Desktop Connection Error

We have received reports from customers who are getting a Windows Remote Desktop Connection (RDP) authentication error when connecting to their VPS. The error is caused by an RDP client security update that Microsoft released in March 2018 and is now enforcing. It occurs when connecting from a patched client (home or work) computer to an unpatched Windows VPS. Customers who have not updated their VPS since February 2018 may encounter the RDP authentication error and be temporarily prevented from connecting to their VPS.

As a temporary workaround you may follow these instructions to regain access to the VPS. The Windows VPS will need to be updated and restarted at your next convenience so that it has the same security update.

Download:

https://www.fxvm.net/res/downloads/Windows-CredSSP-registry-security-toggle.zip

Instructions:

  1. Extract the two .reg files from Windows-CredSSP-registry-security-toggle.zip
  2. Run “Windows-CREDSSP-temporary-lower-security.reg” on your home PC to temporarily lower the new security setting in its Windows registry
  3. Connect to the VPS over RDP, complete the Windows Updates and reboot once they have finished
  4. Run “Windows-CREDSSP-reguler-mitigated-security.reg” on your home PC to re-enable the regular, higher security setting in its Windows registry
  5. Test the RDP connection to the VPS again; it should continue to work
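
Step 4 is easy to forget, so it is worth confirming on the home PC that the lowered setting is not still in place. The check below is an added example and not part of the FXVM download. The contents of the two .reg files are not shown on this page, so it assumes they toggle the AllowEncryptionOracle value documented in the Microsoft article referenced below; the function name is our own.

```powershell
# Added example: confirm the CredSSP client setting after the temporary workaround.
# Value name and meanings are taken from Microsoft's CredSSP article for CVE-2018-0886.
# Assumption: the .reg files from the download toggle this value.

function Get-CredSspOracleSetting {
    $path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters'
    $item = Get-ItemProperty -Path $path -Name 'AllowEncryptionOracle' -ErrorAction SilentlyContinue

    if ($null -eq $item) {
        $value = $null
        $state = 'Not set (the operating system default applies)'
    } else {
        $value = $item.AllowEncryptionOracle
        if     ($value -eq 0) { $state = 'Force Updated Clients' }
        elseif ($value -eq 1) { $state = 'Mitigated' }
        elseif ($value -eq 2) { $state = 'Vulnerable' }
        else                  { $state = "Unexpected value $value" }
    }

    New-Object PSObject -Property @{
        Value          = $value
        State          = $state
        # True while the temporary lower-security setting is still in effect.
        WorkaroundLeft = ($value -eq 2)
    }
}

$credssp = Get-CredSspOracleSetting
$credssp | Format-List
if ($credssp.WorkaroundLeft) {
    Write-Warning 'CredSSP is still set to Vulnerable. Run the "mitigated" .reg file from step 4.'
}
```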

Microsoft reference information:
https://support.microsoft.com/en-us/help/4093492/credssp-updates-for-cve-2018-0886-march-13-2018

Microsoft Updates April 2018

Microsoft released new Windows updates this week. The list of updates this month includes an important security vulnerability in the Windows RDP service. An attacker who successfully exploited this vulnerability could cause the RDP service on the target VPS to stop responding. There are also other important security updates, and all of them should be installed at your earliest convenience.

We advise using the pre-installed Chrome browser (which auto updates) and minimizing your web browsing from your VPS for added security.

Windows RDP service security advisory:
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2018-0976

You can update your VPS by going to “Control Panel > Windows Update”.  We recommend updating over weekends only and rebooting after.

The SANS Internet Storm Center (ISC) has the best quick overview of the updates each month. https://isc.sans.edu/forums/diary/Microsoft+April+2018+Patch+Tuesday/23539/

Reference:
https://portal.msrc.microsoft.com/

Skrill Payment Gateway On Hold

Unfortunately, we’re having difficulty with the Skrill payment gateway and have suspended new orders until further notice.

They’re presently refusing to allow us to make withdrawals, and after viewing the reviews on Trustpilot we’re very concerned about the future of Skrill.

We recommend using PayPal or Coingate as alternative payment gateways until further notice.

Now offering Windows Server 2016!

We have begun to sell dedicated servers with the Windows Server 2016 operating system. If you would like to order a dedicated server with Windows 2016 you will find it available on the order form.  https://fxvm.net/en/dedicated-forex-server

New IXP (Internet exchange point) in New York

We have added a new IXP (Internet exchange point) in New York.  This will reduce the routing path and lower the network latency to many New York brokers.

FXVM Introduces BitCoin Payments!

At FXVM we’re continually innovating and moving with client demand. It’s one of the many things that separates us from our slow-moving competitors.

You have spoken loud and clear, what you want is:

– Rock solid reliability
– Low latency to major brokers
– 24hr support
– Simple payment options

Adding BitCoin as a payment method offers you more flexibility, particularly if you’re unable to use PayPal or Skrill.

Many people say BitCoin is the future of money, and if that turns out to be true, we’ll again be ahead of the industry by offering clients what they want.

Coingate.com has been implemented as our payment gateway. If you have any questions about paying with BitCoin, please let us know via live chat or through support@fxvm.net

Microsoft Updates January 2017

Microsoft released a few new Windows updates this last week. It’s a very light month with only a few updates, and none of them are relevant as far as any risk to our VPS.

The SANS Internet Storm Center (ISC) has the best quick overview of the updates each month. https://isc.sans.edu/forums/diary/January+2017+Microsoft+Patch+Tuesday/21915/

Reference:
https://technet.microsoft.com/en-us/library/security/ms17-jan.aspx