<img alt="" src="https://secure.hiss3lark.com/173130.png" style="display:none;">

Datashield's Resource Library

Read all of our news, articles, reviews, and more in our company blog

All Posts

Microsoft Releases Notice of More RDP Vulnerabilities

Two more security issues announced surrounding Remote Code Execution against Remote Desktop Services.

Microsoft released a notice today concerning two vulnerabilities, which would result in a Remote Code Execution vulnerability against the Remote Desktop Services.  These are being tracked under CVE-2019-1181 and CVE-2019-1182. This is akin the previous vulnerability that we notified you on, CVE-2019-0708, aka Bluekeep.

This vulnerability targets the more recent versions of Windows:

  • Windows 7 SP1
  • Windows Server 2008 R2 SP1
  • Windows Server 2012
  • Windows 8.1
  • Windows Server 2012 R2
  • Windows 10, including server versions

Like the previous mentioned vulnerability, these attacks would be ‘wormable’, similar to how the ‘WannaMine’ and other malware variants used the Eternal family of exploits to wreak havoc and still continue to be used laterally in networks.
While currently there is no active exploits against these vulnerabilities and Microsoft has not seen these exploits being utilized in the wild, DATASHIELD recommends patching systems as soon as possible.  The immediate focus should be systems that have RDP exposed to the internet.  Customers who have automatic updates enabled should be protected by these patches already.

DATASHIELD's Content team will continue to monitor these exploits and create alerts surrounding any possible exploitation of these vulnerabilities.

You can find a reference for patching from Microsoft at the following link:

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1182

CVE References:

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1181

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1182

Originally posted on August 13, 2019

Topics from this Article

Microsoft, Remote Desktop Services, Windows, News, Remote Code Execution, Cyber Security, BlueKeep

David Norlin
David Norlin
Dave Norlin is the Chief Information Security Officer at Datashield and contributes technical content to the Datashield resource library. On top of running the SOC at Datashield and interfacing with customers, Dave offers his technical acumen and insight in the form of educational materials for the Datashield resource library. Dave is also one of the hosts of Datashield's podcast The Hash-Time Show.

Related Posts

Pros and Cons of Outsourced SOC

Google Chronicle vs Splunk

Alphabet’s announcement concerning the inclusion of big-data security into Chronicle led to a 5% drop in the value of Spunk’s shares and sparked a debate on which security information and event management (SIEM) tool supplies better options.

How to Deploy ExtraHop Reveal(x) on Amazon Web Services (AWS)

As business operations expand and move to the cloud, so does security. ExtraHop’s Reveal(x) platform can be deployed on a variety of cloud infrastructures. It makes sense for ExtraHop, leader in Network Detection and Response, to partner with tech giant Amazon Web Services (AWS).