Last night, Cisco Talos released the latest SNORT® rule update, which includes coverage for the critical Microsoft vulnerability CVE-2019-0708.
Microsoft disclosed this vulnerability last week as part of its monthly security update. The bug exists in Remote Desktop Services, formerly known as Terminal Services.
The vulnerability is pre-authentication and requires no user interaction. Microsoft specifically warned about this bug because it is "wormable," meaning future malware that exploits this vulnerability could spread from system to system. One of the most infamous examples of a worm was the WannaCry malware, which disabled major services across the globe in May 2017. An attacker could exploit this vulnerability by sending a specially crafted request to the target system's Remote Desktop Service via RDP.
Snort rule 50137 covers indicators associated with this vulnerability. You can learn more about this release on the Snort blog.