As part of the detection and analysis procedures, which of the following should the analyst do NEXT?

A security is reviewing a vulnerability scan report and notes the following finding:

As part of the detection and analysis procedures, which of the following should the analyst do NEXT?
A . Patch or reimage the device to complete the recovery
B . Restart the antiviruses running processes
C . Isolate the host from the network to prevent exposure
D . Confirm the workstation’s signatures against the most current signatures.

View Answer

Answer: D

Explanation:

The vulnerability scan report shows that the workstation has a high-risk vulnerability (CVE-2019-0708) that affects Remote Desktop Services on Windows systems. This vulnerability allows remote code execution without authentication or user interaction, and can be exploited by sending specially crafted requests to the target system1 As part of the detection and analysis procedures, the analyst should confirm the workstation’s signatures against the most current signatures. This can help verify if the workstation has been patched or updated to address the vulnerability, or if it is still vulnerable and needs remediation. The analyst can use tools such as Windows Update or Microsoft Baseline Security Analyzer to check the workstation’s patch level and compare it with the latest available signatures.

Reference: 1 CVE-2019-0708 | Remote Desktop Services Remote Code Execution Vulnerability