-
Products and Technology
By Category
-
Groups
Activity Groups
Industry Groups
Influence and Feedback Groups
Interest Groups
Location Groups
Customer Only Groups
- Developers
- Partners
- Events
- Help Center
- Topic Pages
-
Explore SAP
Products
Learning and Support
-
- Products and Technology
- Groups
- Developers
- Partners
- Events
- Help Center
- Topic Pages
-
Explore SAP
- Explore SAP
-
Products
- Products
- SAP Business Suite
- Artificial Intelligence
- Business applications
- Data and analytics
- Technology Platform
- Financial Management
- Spend Management
- Supply Chain Management
- Human Capital Management
- Customer Experience
- SAP Business Network
- View products A-Z
- View industries
- Try SAP
- Partners
- Services
- Learning and Support
- About
- SAP Community
- Groups
- Interest Groups
- Application Development and Automation
- Discussions
- Potential MS Windows Security Vulnerability CVE-20...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Potential MS Windows Security Vulnerability CVE-2019-0708
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
2019 Jun 21 5:09 PM
- SAP Managed Tags
- Security
REGARDING: Potential MS Windows Security Vulnerability - How is SAP Addressiung this?
Reports from our Security Ratings vendor, RiskRecon, indicate that you may have systems exposed to the internet that have the “BlueKeep” CVE-2019-0708 vulnerability.Details regarding the potential vulnerability follow.
Issue
On May 14, 2019, Microsoft announced a critical Remote Code Execution vulnerability (CVE-2019-0708) in the Remote Desktop Protocol (RDP) service of older versions of Windows. Per Microsoft, “The vulnerability is 'wormable,' and future malware that exploits this vulnerability could propagate from vulnerable computer to vulnerable computer in a way much like the WannaCry malware spread across the globe in 2017.” Microsoft has taken the unusual step of releasing a patch for versions that it no longer supports and on June 4th the NSA released an advisory to patch this vulnerability due to the potential for significant business disruption.
Actionable Information
The information in red font below provides additional information regarding hosts that appear that could be vulnerable. Please review and assess this information and respond back to us as soon as possible (by June 19th) to let us know if this vulnerability could impact E*TRADE services or if action has been taken to patch this vulnerability.
Note: RiskRecon is only able to tell us where RDP is running – not whether it has been patched or associated with a non-vulnerable system, so ideally some of the vendors are not impacted by this vulnerability.
SAP Ariba, Inc. 130.211.37.0gadgets-jam801.sapjam.comjam801.sapjam.comwww.gadgets-jam801.sapjam.com 18.194.176.223answers.sap.com
Bluesky