On May 14th 2019 Microsoft announced a Remote Desktop Services Remote Code Execution Vulnerability (CVE-2019-0708). This vulnerability affects Windows 7 and Embedded 7 32 and 64 bit version, Windows 2008 32 and 64 bit versions, and Windows 2008R2 SP1 and SP2 versions.
Left unpatched this vulnerability can allow an unauthenticated attacker to connect to the target system using RDP and sends specially crafted requests. This vulnerability is pre-authentication and requires no user interaction. An attacker who successfully exploited this vulnerability could execute arbitrary code on the target system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
By default, all Razberi Technologies systems with Windows Operating system images are manufactured and shipped with Remote Desktop Services or RDP in an off state.
Previous generation Razberi Technologies Rugged, MPRO, or MP systems were shipped with Windows 7 Embedded Operating System. Some special order Razberi Technologies systems may contain Windows 2008R2 SP2. If not patched, these builds are subject to this vulnerability and should be patched immediately.
You can follow this link to find your specific operating system version and download and apply the appropriate security update.
Razberi Technologies will closely monitor this and any newly published updates related to potential vulnerabilities. Razberi will provide advisories as necessary to update our customers and community.
