Connect with us

The Online Technology

Patch time! Microsoft warns of new worm-ready RDP bugs – Naked Security

Security Watch

Patch time! Microsoft warns of new worm-ready RDP bugs – Naked Security


Microsoft’s Patch Tuesday bought some very bad news yesterday: more wormable RDP vulnerabilities, this time affecting Windows 10 users.

CVE-2019-1181 and -1182 are critical vulnerabilities in Remote Desktop Services (formerly Windows Terminal) that are wormable – similar to the BlueKeep vulnerability that people have already created exploits for. Wormable means that the exploit could, in theory, be used not only to break into one computer but also to spread itself onwards from there.

These new vulnerabilities, which Microsoft found while it was hardening RDS, can be exploited without user interaction by sending a specially-crafted remote desktop protocol (RDP) message to RDS. Once in, an attacker could install programs, change or delete data, create new accounts with full user rights, and more. CVE-2019-1222 and -1226 also address these flaws.

Unlike BlueKeep, these new RDP vulnerabilities affect Windows 10, including server versions, as well as Windows 7 SP1, Windows Server 2008 R2 SP1, Windows Server 2012, Windows 8.1, and Windows Server 2012 R2.

Microsoft said that these vulnerabilities haven’t yet been exploited in the wild, but urged customers to get ahead of the game by patching quickly:

It is important that affected systems are patched as quickly as possible because of the elevated risks associated with wormable vulnerabilities like these, and downloads for these can be found in the Microsoft Security Update Guide.

Computers with network level authentication (NLA) are partly protected, because crooks would need to authenticate before making a request, meaning that an attack couldn’t spread without human interaction on NLA-enabled systems.

Microsoft also fixed several other critical bugs in this Patch Tuesday, including a remote code execution (RCE) vulnerability in Internet Explorer’s scripting engine (CVE-2019-1133 and -1194). Attackers can exploit the bug via a specially crafted website or by sending a malicious ActiveX control marked “Safe for initialization” to any MS Office program that uses the Internet Explorer rendering engine.

Real Life. Real News. Real Voices

Help us tell more of the stories that matter

Become a founding member

Edge users didn’t get away scot-free either. There’s a similar bug (CVE-2019-1131, -1139 to -1141, and CVE-2019-1195 to -1197) in that product’s Chakra Scripting Engine. It allows for remote code execution in the current user context, and it’s exploitable via malicious websites.