Call for Incident Response

866.428.4567

From the DATASHIELD Resource Library:

Microsoft Releases Notice of More RDP Vulnerabilities

Two more security issues announced surrounding Remote Code Execution against Remote Desktop Services.

Posted On:

|

By:

|

Read Time:

1 Minute

Categories:

Topics:


Microsoft Releases Notice of More RDP Vulnerabilities

Microsoft released a notice today concerning two vulnerabilities, which would result in a Remote Code Execution vulnerability against the Remote Desktop Services.  These are being tracked under CVE-2019-1181 and CVE-2019-1182. This is akin the previous vulnerability that we notified you on, CVE-2019-0708, aka Bluekeep.

This vulnerability targets the more recent versions of Windows:

  • Windows 7 SP1
  • Windows Server 2008 R2 SP1
  • Windows Server 2012
  • Windows 8.1
  • Windows Server 2012 R2
  • Windows 10, including server versions

Like the previous mentioned vulnerability, these attacks would be ‘wormable’, similar to how the ‘WannaMine’ and other malware variants used the Eternal family of exploits to wreak havoc and still continue to be used laterally in networks.
While currently there is no active exploits against these vulnerabilities and Microsoft has not seen these exploits being utilized in the wild, DATASHIELD recommends patching systems as soon as possible.  The immediate focus should be systems that have RDP exposed to the internet.  Customers who have automatic updates enabled should be protected by these patches already.

DATASHIELD's Content team will continue to monitor these exploits and create alerts surrounding any possible exploitation of these vulnerabilities.

You can find a reference for patching from Microsoft at the following link:

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1182

CVE References:

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1181

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1182

About the Author:

SHIELDY
SHIELDY

SHIELDY is the heart and soul of DATASHIELD. There is no packet he cannot analyze or malicious code he cannot detect.

Read More From

SHIELDY