Yesterday, Microsoft released security updates to address two remote code execution vulnerabilities, CVE-2019-1181 and CVE-2019-1182, in the following Windows operating systems:
- Windows 7 SP1
- Windows Server 2008 R2 SP1
- Windows Server 2012
- Windows 8.1
- Windows Server 2012 R2
- Windows 10
An attacker could exploit these vulnerabilities to take control of an affected system by sending a specially crafted request to the target system’s Remote Desktop Service via RDP. Similar to CVE-2019-0708 – dubbed “BlueKeep” – these vulnerabilities are considered “wormable” because malware exploiting them on one system could propagate to other vulnerable systems.
The Microsoft update addresses these vulnerabilities by correcting how Remote Desktop Services handle connection requests.
Given the destructive history of previous wormable malware, such as “WannaCry”, Layer 8 Security recommends prioritizing this update and verifying that any remaining vulnerable systems are patched. Additionally, here are resources that administrators should review regarding the updates:
- Microsoft Security Blog Post: Patch New Wormable Vulnerabilities in Remote Desktop Services (CVE-2019-1181/1182)
- Microsoft Security Vulnerability Information for CVE-2019-1181
- Microsoft Security Vulnerability Information for CVE-2019-1182
- Microsoft Security Blog Post: Protect Against BlueKeep
- Microsoft Customer Guidance for CVE-2019-0708