Microsoft Releases Notice of More RDP Vulnerabilities

Two more security issues announced surrounding Remote Code Execution against Remote Desktop Services.

Microsoft released a notice today concerning two vulnerabilities that would result in Remote Code Execution against Remote Desktop Services. These are being tracked under CVE-2019-1181 and CVE-2019-1182. This is akin to the previous vulnerability that we notified you about, CVE-2019-0708, aka BlueKeep.

These vulnerabilities affect the more recent versions of Windows:

  • Windows 7 SP1
  • Windows Server 2008 R2 SP1
  • Windows Server 2012
  • Windows 8.1
  • Windows Server 2012 R2
  • Windows 10, including server versions

Like the previously mentioned vulnerability, these attacks would be ‘wormable’, similar to how ‘WannaMine’ and other malware variants used the Eternal family of exploits to wreak havoc, exploits that still continue to be used laterally in networks.

While there are currently no active exploits against these vulnerabilities and Microsoft has not seen them being utilized in the wild, DATASHIELD recommends patching systems as soon as possible. The immediate focus should be systems that have RDP exposed to the internet. Customers who have automatic updates enabled should be protected by these patches already.

DATASHIELD's Content team will continue to monitor these exploits and create alerts surrounding any possible exploitation of these vulnerabilities.

You can find a reference for patching from Microsoft at the following link:

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1182

CVE References:

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1181

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1182

Originally posted on August 13, 2019

David Norlin
Dave Norlin is the Chief Information Security Officer at Datashield and contributes technical content to the Datashield resource library. On top of running the SOC at Datashield and interfacing with customers, Dave offers his technical acumen and insight in the form of educational materials for the Datashield resource library. Dave is also one of the hosts of Datashield's podcast The Hash-Time Show.