Log for 電訊台
Dear all,
On 14 May 2019, Microsoft published an advisory that a vulnerability (CVE-2019-0708) was discovered in the Remote Desktop Services which allows attackers to perform remote code execution on a number of Windows systems including Windows XP, Windows 7, and Windows Server 2003, 2008 and 2008 R2. The vulnerability is wormable such that in the worst scenario, malware exploiting it could propagate among vulnerable computers in a way similar to the global outbreak of WannaCry malware in 2017. Microsoft has released security patches for the affected Windows systems, including certain de-supported versions, i.e. Windows XP and Windows 2003; and advises that the affected systems should be patched as quickly as possible.
2. HKCERT published a security bulletin (SA19051507) on 15 May 2019 (further updated on 18 May 2019) on this vulnerability and noticed that some Proof-of-Concept exploit software was being developed. Security researchers from SANS estimate that a more reliable attack tool will be available in a few days. In view of the potential impact of the threat, HKCERT has issued a press release and a security blog on 23 May 2019 to inform the public the latest status and advise them to take immediate actions.
Press release: https://www.hkcert.org/my_url/zh/articles/19052301
Security blog: https://www.hkcert.org/my_url/zh/blog/19052301
3. Your immediate action is sought to check whether there are systems being affected by the vulnerability, if so, please accord priority and mobilise resources to take action to patch the affected systems immediately and step up monitoring for necessary protections.
4. Should there be any anomaly, please report by following the incident reporting mechanism below and using the attached incident report form:
Incident Type Contact
a)
Criminal offences including hacking, bogus website, denial of service attack or spreading of malware Hong Kong Police Force (HKPF)
Tel: 2860 2057
Email: cstcb-cw-cs-office@police.gov.hk (copy report to IILG Secretariat at iilg_support@ogcio.gov.hk)
b)
Abnormal traffic volume or pattern Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT)
Tel: 8105 6060
Email: hkcert@hkcert.org (copy report to IILG Secretariat at iilg_support@ogcio.gov.hk)
c)
Internet service outage
Office of the Communications Authority (OFCA)
Tel: 2961 6218 (office hours), 6392 9536 (outside office hours)
Email: outage@ofca.gov.hk (copy report to IILG Secretariat at iilg_support@ogcio.gov.hk)
d)
Other major incidents that may affect the smooth operation of the Hong Kong Internet infrastructure
IILG Secretariat
Tel: 2827 8585
Email: iilg_support@ogcio.gov.hk
5. Thank you for your attention.
On 14 May 2019, Microsoft published an advisory that a vulnerability (CVE-2019-0708) was discovered in the Remote Desktop Services which allows attackers to perform remote code execution on a number of Windows systems including Windows XP, Windows 7, and Windows Server 2003, 2008 and 2008 R2. The vulnerability is wormable such that in the worst scenario, malware exploiting it could propagate among vulnerable computers in a way similar to the global outbreak of WannaCry malware in 2017. Microsoft has released security patches for the affected Windows systems, including certain de-supported versions, i.e. Windows XP and Windows 2003; and advises that the affected systems should be patched as quickly as possible.
2. HKCERT published a security bulletin (SA19051507) on 15 May 2019 (further updated on 18 May 2019) on this vulnerability and noticed that some Proof-of-Concept exploit software was being developed. Security researchers from SANS estimate that a more reliable attack tool will be available in a few days. In view of the potential impact of the threat, HKCERT has issued a press release and a security blog on 23 May 2019 to inform the public the latest status and advise them to take immediate actions.
Press release: https://www.hkcert.org/my_url/zh/articles/19052301
Security blog: https://www.hkcert.org/my_url/zh/blog/19052301
3. Your immediate action is sought to check whether there are systems being affected by the vulnerability, if so, please accord priority and mobilise resources to take action to patch the affected systems immediately and step up monitoring for necessary protections.
4. Should there be any anomaly, please report by following the incident reporting mechanism below and using the attached incident report form:
Incident Type Contact
a)
Criminal offences including hacking, bogus website, denial of service attack or spreading of malware Hong Kong Police Force (HKPF)
Tel: 2860 2057
Email: cstcb-cw-cs-office@police.gov.hk (copy report to IILG Secretariat at iilg_support@ogcio.gov.hk)
b)
Abnormal traffic volume or pattern Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT)
Tel: 8105 6060
Email: hkcert@hkcert.org (copy report to IILG Secretariat at iilg_support@ogcio.gov.hk)
c)
Internet service outage
Office of the Communications Authority (OFCA)
Tel: 2961 6218 (office hours), 6392 9536 (outside office hours)
Email: outage@ofca.gov.hk (copy report to IILG Secretariat at iilg_support@ogcio.gov.hk)
d)
Other major incidents that may affect the smooth operation of the Hong Kong Internet infrastructure
IILG Secretariat
Tel: 2827 8585
Email: iilg_support@ogcio.gov.hk
5. Thank you for your attention.