topic Potential MS Windows Security Vulnerability CVE-2019-0708 in Application Development and Automation Discussions https://community.sap.com/t5/application-development-and-automation-discussions/potential-ms-windows-security-vulnerability-cve-2019-0708/m-p/11953681#M1966682 <P> </P> <P>REGARDING: Potential MS Windows Security Vulnerability - How is SAP Addressiung this?</P> <P> </P> <P>Reports from our Security Ratings vendor, RiskRecon, indicate that you may have systems exposed to the internet that have the “BlueKeep” CVE-2019-0708 vulnerability.Details regarding the potential vulnerability follow.</P> <P> </P> <P><U><STRONG>Issue</STRONG></U></P> <P> </P> <P>On May 14, 2019, Microsoft announced a critical Remote Code Execution vulnerability (CVE-2019-0708) in the Remote Desktop Protocol (RDP) service of older versions of Windows. Per Microsoft, “The vulnerability is 'wormable,' and future malware that exploits this vulnerability could propagate from vulnerable computer to vulnerable computer in a way much like the WannaCry malware spread across the globe in 2017.” Microsoft has taken the unusual step of releasing a patch for versions that it no longer supports and on June 4<SUP>th</SUP> the NSA released an advisory to patch this vulnerability due to the potential for significant business disruption. </P> <P> </P> <P><U><STRONG>Actionable Information</STRONG></U></P> <P> </P> <P>The information in red font below provides additional information regarding hosts that appear that could be vulnerable. Please review and assess this information and respond back to us as soon as possible (by June 19<SUP>th</SUP>) to let us know if this vulnerability could impact E*TRADE services or if action has been taken to patch this vulnerability. </P> <P> </P> <P>Note: RiskRecon is only able to tell us where RDP is running – not whether it has been patched or associated with a non-vulnerable system, so ideally some of the vendors are not impacted by this vulnerability.</P> <P> <STRONG>SAP Ariba, Inc.</STRONG> <STRONG>130.211.37.0</STRONG>gadgets-jam801.sapjam.comjam801.sapjam.comwww.gadgets-jam801.sapjam.com <STRONG>18.194.176.223</STRONG>answers.sap.com</P> Fri, 21 Jun 2019 16:09:32 GMT josephgomez 2019-06-21T16:09:32Z Potential MS Windows Security Vulnerability CVE-2019-0708 https://community.sap.com/t5/application-development-and-automation-discussions/potential-ms-windows-security-vulnerability-cve-2019-0708/m-p/11953681#M1966682 <P> </P> <P>REGARDING: Potential MS Windows Security Vulnerability - How is SAP Addressiung this?</P> <P> </P> <P>Reports from our Security Ratings vendor, RiskRecon, indicate that you may have systems exposed to the internet that have the “BlueKeep” CVE-2019-0708 vulnerability.Details regarding the potential vulnerability follow.</P> <P> </P> <P><U><STRONG>Issue</STRONG></U></P> <P> </P> <P>On May 14, 2019, Microsoft announced a critical Remote Code Execution vulnerability (CVE-2019-0708) in the Remote Desktop Protocol (RDP) service of older versions of Windows. Per Microsoft, “The vulnerability is 'wormable,' and future malware that exploits this vulnerability could propagate from vulnerable computer to vulnerable computer in a way much like the WannaCry malware spread across the globe in 2017.” Microsoft has taken the unusual step of releasing a patch for versions that it no longer supports and on June 4<SUP>th</SUP> the NSA released an advisory to patch this vulnerability due to the potential for significant business disruption. </P> <P> </P> <P><U><STRONG>Actionable Information</STRONG></U></P> <P> </P> <P>The information in red font below provides additional information regarding hosts that appear that could be vulnerable. Please review and assess this information and respond back to us as soon as possible (by June 19<SUP>th</SUP>) to let us know if this vulnerability could impact E*TRADE services or if action has been taken to patch this vulnerability. </P> <P> </P> <P>Note: RiskRecon is only able to tell us where RDP is running – not whether it has been patched or associated with a non-vulnerable system, so ideally some of the vendors are not impacted by this vulnerability.</P> <P> <STRONG>SAP Ariba, Inc.</STRONG> <STRONG>130.211.37.0</STRONG>gadgets-jam801.sapjam.comjam801.sapjam.comwww.gadgets-jam801.sapjam.com <STRONG>18.194.176.223</STRONG>answers.sap.com</P> Fri, 21 Jun 2019 16:09:32 GMT https://community.sap.com/t5/application-development-and-automation-discussions/potential-ms-windows-security-vulnerability-cve-2019-0708/m-p/11953681#M1966682 josephgomez 2019-06-21T16:09:32Z