https://live.paloaltonetworks.com/t5/advanced-threat-prevention/cve-2019-0708-remote-desktop-services-remote-code-execution/m-p/261875#M563 Sorry! <BR />Released in content 8154. Wed, 22 May 2019 00:11:42 GMT ssullivan 2019-05-22T00:11:42Z https://live.paloaltonetworks.com/t5/advanced-threat-prevention/cve-2019-0708-remote-desktop-services-remote-code-execution/m-p/261017#M548 <P>Hi,</P><P>just wondering on expected release for signature for this Vulnerability?</P><P>&nbsp;</P><P>CVE-2019-0708&nbsp; - Remote Desktop Services Remote Code Execution Vulnerability</P><P>&nbsp;</P><P>Details here:</P><P><A href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708" target="_blank" rel="noopener">https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708</A></P><P>&nbsp;</P><P>regards</P><P>&nbsp;</P><P>Paul</P> Wed, 15 May 2019 02:38:17 GMT https://live.paloaltonetworks.com/t5/advanced-threat-prevention/cve-2019-0708-remote-desktop-services-remote-code-execution/m-p/261017#M548 Paul_Stinson 2019-05-15T02:38:17Z https://live.paloaltonetworks.com/t5/advanced-threat-prevention/cve-2019-0708-remote-desktop-services-remote-code-execution/m-p/261165#M550 <P>Hi Guys,</P><P>&nbsp;</P><P>Any idea, by when we have signatures for this CVE ?</P><P><SPAN>CVE-2019-0708</SPAN></P><BLOCKQUOTE><HR /><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/100677">@Paul_Stinson</a>&nbsp;wrote:<BR /><P>Hi,</P><P>just wondering on expected release for signature for this Vulnerability?</P><P>&nbsp;</P><P>CVE-2019-0708&nbsp; - Remote Desktop Services Remote Code Execution Vulnerability</P><P>&nbsp;</P><P>Details here:</P><P><A href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708" target="_blank" rel="noopener">https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708</A></P><P>&nbsp;</P><P>regards</P><P>&nbsp;</P><P>Paul</P><HR /></BLOCKQUOTE><P>&nbsp;</P> Wed, 15 May 2019 15:04:41 GMT https://live.paloaltonetworks.com/t5/advanced-threat-prevention/cve-2019-0708-remote-desktop-services-remote-code-execution/m-p/261165#M550 Ankit_Rai 2019-05-15T15:04:41Z https://live.paloaltonetworks.com/t5/advanced-threat-prevention/cve-2019-0708-remote-desktop-services-remote-code-execution/m-p/261344#M551 <P>hey,</P><P>got an response from TAC:</P><P>&nbsp;</P><P><EM>Regarding Microsoft CVE-2019-0708, PA has investigated a feasibility of network-based vulnerability signature coverage and so far there is no known exploitation of this CVE to possibly create a coverage signature at this time. PA will continue observe should there is any change with regards to this CVE. As per Microsoft advisory a software update fix is currently available for any impacted version of Windows.</EM><BR /><BR /></P> Thu, 16 May 2019 11:48:09 GMT https://live.paloaltonetworks.com/t5/advanced-threat-prevention/cve-2019-0708-remote-desktop-services-remote-code-execution/m-p/261344#M551 SinOPtik 2019-05-16T11:48:09Z https://live.paloaltonetworks.com/t5/advanced-threat-prevention/cve-2019-0708-remote-desktop-services-remote-code-execution/m-p/261430#M554 <P>Cheers thanks for the update.....interesting that there is a patch to patch the vulnerability but a signature can't be created for the vulnerability! <span class="lia-unicode-emoji" title=":winking_face:">😉</span></P> Fri, 17 May 2019 03:11:15 GMT https://live.paloaltonetworks.com/t5/advanced-threat-prevention/cve-2019-0708-remote-desktop-services-remote-code-execution/m-p/261430#M554 Paul_Stinson 2019-05-17T03:11:15Z https://live.paloaltonetworks.com/t5/advanced-threat-prevention/cve-2019-0708-remote-desktop-services-remote-code-execution/m-p/261696#M556 <P>Is Palo Alto at least looking into creating a signature?&nbsp; TippingPoint has one and Cisco Talos is looking into creating a Snort rule.</P> Mon, 20 May 2019 19:49:23 GMT https://live.paloaltonetworks.com/t5/advanced-threat-prevention/cve-2019-0708-remote-desktop-services-remote-code-execution/m-p/261696#M556 matthewroberson 2019-05-20T19:49:23Z https://live.paloaltonetworks.com/t5/advanced-threat-prevention/cve-2019-0708-remote-desktop-services-remote-code-execution/m-p/261809#M558 <P>Snort sigs are live for this as of last night -</P><P>&nbsp;</P><P><A href="https://blog.snort.org/2019/05/snort-rule-update-for-may-20-2019.html" target="_blank">https://blog.snort.org/2019/05/snort-rule-update-for-may-20-2019.html</A></P> Tue, 21 May 2019 13:43:10 GMT https://live.paloaltonetworks.com/t5/advanced-threat-prevention/cve-2019-0708-remote-desktop-services-remote-code-execution/m-p/261809#M558 SeanBallard 2019-05-21T13:43:10Z https://live.paloaltonetworks.com/t5/advanced-threat-prevention/cve-2019-0708-remote-desktop-services-remote-code-execution/m-p/261847#M559 <P>The signatures dont specifically detect CVE-2019-0708 they were developed to help identify "emerging threats"</P><P>&nbsp;</P><P>I have just been informed that Palo Alto's Threat team has a working PoC and are developing a signature.&nbsp;</P> Tue, 21 May 2019 19:26:49 GMT https://live.paloaltonetworks.com/t5/advanced-threat-prevention/cve-2019-0708-remote-desktop-services-remote-code-execution/m-p/261847#M559 A.Waitkus 2019-05-21T19:26:49Z https://live.paloaltonetworks.com/t5/advanced-threat-prevention/cve-2019-0708-remote-desktop-services-remote-code-execution/m-p/261848#M560 <P>Cisco and Checkpoint both have prevent signatures live right now. PAN is in&nbsp;field POC testing from what I am told and the signature should be GA here in a day or two.&nbsp;</P> Tue, 21 May 2019 19:29:52 GMT https://live.paloaltonetworks.com/t5/advanced-threat-prevention/cve-2019-0708-remote-desktop-services-remote-code-execution/m-p/261848#M560 SeanBallard 2019-05-21T19:29:52Z https://live.paloaltonetworks.com/t5/advanced-threat-prevention/cve-2019-0708-remote-desktop-services-remote-code-execution/m-p/261872#M561 Released in content 8154. Wed, 22 May 2019 00:11:21 GMT https://live.paloaltonetworks.com/t5/advanced-threat-prevention/cve-2019-0708-remote-desktop-services-remote-code-execution/m-p/261872#M561 ssullivan 2019-05-22T00:11:21Z https://live.paloaltonetworks.com/t5/advanced-threat-prevention/cve-2019-0708-remote-desktop-services-remote-code-execution/m-p/261874#M562 <P>&nbsp;</P><P>TAC only Link?</P><P>&nbsp;</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Denied!" style="width: 800px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/20126i499D53256173280D/image-size/large/is-moderation-mode/true?v=v2&amp;px=999" role="button" title="2019-05-22 09_54_11-Live Community - Access Denied - Live Community.png" alt="Denied!" /><span class="lia-inline-image-caption" onclick="event.preventDefault();">Denied!</span></span></P> Tue, 21 May 2019 23:56:09 GMT https://live.paloaltonetworks.com/t5/advanced-threat-prevention/cve-2019-0708-remote-desktop-services-remote-code-execution/m-p/261874#M562 Paul_Stinson 2019-05-21T23:56:09Z https://live.paloaltonetworks.com/t5/advanced-threat-prevention/cve-2019-0708-remote-desktop-services-remote-code-execution/m-p/261875#M563 Sorry! <BR />Released in content 8154. Wed, 22 May 2019 00:11:42 GMT https://live.paloaltonetworks.com/t5/advanced-threat-prevention/cve-2019-0708-remote-desktop-services-remote-code-execution/m-p/261875#M563 ssullivan 2019-05-22T00:11:42Z