Remote execution of arbitrary code in the RDP protocol

We have learned about a dangerous vulnerability in the RDP protocol: Microsoft has released patches for the vulnerability with the identifier CVE-2019-0708, which allows arbitrary code to be executed on the target system.

A remote code execution vulnerability exists in Remote Desktop Services, previously called Terminal Services, when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests. The vulnerability is pre-authentication and does not require user interaction. An attacker who successfully exploited this vulnerability could execute arbitrary code on the target system.

The vulnerability (CVE-2019-0708) resides in the Remote Desktop Services component. Affected systems are Windows 7, Windows Server 2008 R2 and Windows Server 2008, as well as the out-of-support Windows XP and Windows Server 2003. Windows 8, 8.1 and 10 are not affected.

To exploit this vulnerability, an attacker only needs to reach the Remote Desktop Service of the target system (TCP port 3389 by default) and send specially crafted requests over RDP; no credentials are required.

An interesting fact is that this or a similar vulnerability has been offered for sale on the darknet since at least late 2018. The following chat log, dated 30.09.18, is one such listing:

SELLER, [30.09.18 12:54]

RDP RCE Exploit

description:
This is a bug in RDP protocol.
Windows remotely who enables RDP.

vulnerability type:
Heap overflow

affected versions:
Windows 2000 / XP / 2003 / Vista / 7/2008 (R2)

privilege level obtained:
SYSTEM privilege

reliability:
90% for one core / 30% for multiple core

exploitation length:
around 10 seconds

Possible buyer, [30.09.18 12:58]

affected versions:
Windows 2000 / XP / 2003 / Vista / 7/2008 (R2)
Lol

Possible buyer, [30.09.18 12:58]

is it pre-auth or post-auth vuln?

SELLER, [30.09.18 12:59]

Pre

Possible buyer, [30.09.18 12:59]

for how much they / he / she sells it?

SELLER, [30.09.18 12:59]

500

SELLER, [30.09.18 12:59]

Shared

Possible buyer, [30.09.18 12:59]

500k USD?

SELLER, [30.09.18 13:00]

So u can guess it was sold a few times

SELLER, [30.09.18 13:00]

Yes

Because the vulnerability is reachable over the network without authentication, it could be used to write self-propagating (wormable) malware similar to WannaCry, which appeared exactly two years ago, in May 2017.

Being pre-authentication and requiring no user interaction is exactly what makes it so valuable to criminals: no phishing, no stolen credentials, just a reachable RDP port. Enabling Network Level Authentication (NLA) is a partial mitigation, because the crafted requests then require valid credentials before they are processed, but it is not a substitute for the patch, and RDP should not be exposed directly to the Internet at all.

The vulnerability is so serious that Microsoft released patches even for unsupported OS versions, namely Windows XP and Windows Server 2003.
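As an added example (not code from the original post, and not an exploit for CVE-2019-0708), the probe below performs only the first step of the RDP connection sequence described above, the X.224 Connection Request with protocol negotiation from MS-RDPBCGR, and reads the server's Connection Confirm to tell whether a listener still accepts unauthenticated standard RDP security (the pre-authentication surface this vulnerability lives in) or refuses with HYBRID_REQUIRED_BY_SERVER, i.e. enforces NLA. It does not test for the vulnerability itself. The three sample responses are constructed for the offline demo, not captured from any real host; the `probe()` function talks to a live host only when you pass one.

```python
"""RDP protocol-negotiation probe: does this listener still accept standard
RDP security (pre-auth surface reachable) or does it enforce NLA?"""
import socket
import struct

# Values from the RDP_NEG_REQ / RDP_NEG_RSP / RDP_NEG_FAILURE PDUs (MS-RDPBCGR)
PROTOCOL_RDP = 0x00000000      # standard RDP security, no NLA
PROTOCOL_SSL = 0x00000001      # TLS only (encryption, not authentication)
PROTOCOL_HYBRID = 0x00000002   # CredSSP, i.e. NLA

TYPE_RDP_NEG_REQ = 0x01
TYPE_RDP_NEG_RSP = 0x02
TYPE_RDP_NEG_FAILURE = 0x03

FAILURE_CODES = {
    0x01: "SSL_REQUIRED_BY_SERVER",
    0x02: "SSL_NOT_ALLOWED_BY_SERVER",
    0x03: "SSL_CERT_NOT_ON_SERVER",
    0x04: "INCONSISTENT_FLAGS",
    0x05: "HYBRID_REQUIRED_BY_SERVER",
    0x06: "SSL_WITH_USER_AUTH_REQUIRED_BY_SERVER",
}


def build_connection_request(requested_protocols=PROTOCOL_RDP):
    """TPKT + X.224 Connection Request carrying an RDP_NEG_REQ.
    Requesting PROTOCOL_RDP only is the probe: a server that still permits
    standard RDP security answers RDP_NEG_RSP, one that enforces NLA answers
    RDP_NEG_FAILURE with HYBRID_REQUIRED_BY_SERVER."""
    neg_req = struct.pack("<BBHI", TYPE_RDP_NEG_REQ, 0, 8, requested_protocols)
    # X.224 CR: code 0xE0, dst-ref 0, src-ref 0, class 0, then negotiation data
    x224 = struct.pack(">BHHB", 0xE0, 0, 0, 0) + neg_req
    x224 = bytes([len(x224)]) + x224              # length indicator excludes itself
    return struct.pack(">BBH", 3, 0, 4 + len(x224)) + x224


def parse_connection_confirm(data):
    """Parse TPKT + X.224 Connection Confirm; return what the server negotiated."""
    if len(data) < 11 or data[0] != 3:
        raise ValueError("not a TPKT packet")
    if struct.unpack(">H", data[2:4])[0] != len(data):
        raise ValueError("TPKT length mismatch")
    li = data[4]
    if data[5] != 0xD0:
        raise ValueError("not an X.224 Connection Confirm")
    neg = data[5:5 + li][6:]          # bytes after the fixed 6-byte CC header
    if not neg:
        # Servers predating protocol negotiation: standard RDP security only
        return {"type": None, "protocol": PROTOCOL_RDP, "failure": None}
    if len(neg) < 8:
        raise ValueError("truncated negotiation data")
    ntype, _flags, _length, value = struct.unpack("<BBHI", neg[:8])
    if ntype == TYPE_RDP_NEG_RSP:
        return {"type": ntype, "protocol": value, "failure": None}
    if ntype == TYPE_RDP_NEG_FAILURE:
        return {"type": ntype, "protocol": None,
                "failure": FAILURE_CODES.get(value, hex(value))}
    raise ValueError("unexpected negotiation type %#x" % ntype)


def classify(confirm):
    """Turn a parsed Connection Confirm into an exposure verdict."""
    if confirm["failure"] == "HYBRID_REQUIRED_BY_SERVER":
        return "NLA enforced: crafted requests need valid credentials first (mitigation, not a fix)"
    if confirm["failure"] is not None:
        return "negotiation refused: " + confirm["failure"]
    if confirm["protocol"] in (PROTOCOL_RDP, PROTOCOL_SSL):
        return "pre-auth RDP surface exposed: unauthenticated clients reach the RDP stack"
    return "NLA negotiated"


def probe(host, port=3389, timeout=5.0):
    """Live check against a host you are authorised to test (network I/O)."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(build_connection_request(PROTOCOL_RDP))
        confirm = parse_connection_confirm(s.recv(1024))
    return confirm, classify(confirm)


# Constructed sample responses for the offline demo (not real captures)
SAMPLE_RSP_RDP = bytes.fromhex("030000130ed000000000000200080000000000")      # RSP, PROTOCOL_RDP
SAMPLE_NLA_REQUIRED = bytes.fromhex("030000130ed000000000000300080005000000")  # FAILURE 0x05
SAMPLE_LEGACY = bytes.fromhex("0300000b06d00000000000")                       # no neg data

if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        print(probe(sys.argv[1]))
    else:
        for name, sample in (("rdp", SAMPLE_RSP_RDP), ("nla", SAMPLE_NLA_REQUIRED),
                             ("legacy", SAMPLE_LEGACY)):
            print(name, classify(parse_connection_confirm(sample)))
```

A host that answers with PROTOCOL_RDP or PROTOCOL_SSL lets anyone on the network reach the RDP stack before any authentication, which is the situation this vulnerability exploits; "NLA enforced" only means the attacker needs a valid account first, so such hosts still need the patch.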
