Yesterday, Microsoft released security updates to address two remote code execution vulnerabilities, CVE-2019-1181 and CVE-2019-1182, in the following Windows operating systems:

  • Windows 7 SP1
  • Windows Server 2008 R2 SP1
  • Windows Server 2012
  • Windows 8.1
  • Windows Server 2012 R2
  • Windows 10

An attacker could exploit these vulnerabilities to take control of an affected system by sending a specially crafted request to the target system’s Remote Desktop Services via RDP. Similar to CVE-2019-0708 – dubbed “BlueKeep” – these vulnerabilities are considered ‘wormable’ because malware exploiting them on one system could propagate to other vulnerable systems.

The Microsoft update addresses these vulnerabilities by correcting how Remote Desktop Services handles connection requests.

Given the destructive history of previous wormable malware, such as “WannaCry”, Layer 8 Security recommends prioritizing this update and verifying that any remaining vulnerable systems are patched. Additionally, here are resources that administrators should review regarding the updates:

For any questions regarding this update, please email us at contact@layer8security.com or call us at 610.766.7312.