While hardening Remote Desktop Services, Microsoft's security team found two new critical Remote Code Execution (RCE) vulnerabilities.
The new vulnerabilities, CVE-2019-1181 and CVE-2019-1182, are wormable like the recently patched BlueKeep vulnerability: future malware that exploits them could propagate from one vulnerable system to another without any user interaction.
According to Microsoft, the following versions of Windows are affected by the newly discovered vulnerabilities:
- Windows 7 SP1
- Windows Server 2008 R2 SP1
- Windows Server 2012
- Windows 8.1
- Windows Server 2012 R2
- All supported versions of Windows 10, including server versions.
Microsoft noted that the Remote Desktop Protocol (RDP) itself is not affected; the flaws are in the Remote Desktop Services implementation. Windows XP, Windows Server 2003 and Windows Server 2008 are not affected by the new wormable vulnerabilities.
The previously patched BlueKeep vulnerability (CVE-2019-0708) is also in Remote Desktop Services and affects older Windows releases in both 32- and 64-bit builds, including all Service Pack versions. Microsoft's Detection and Response Team warned that BlueKeep could cause large-scale outbreaks like WannaCry and Conficker, and published recommendations for mitigating it.
Microsoft has now released patches for both newly discovered vulnerabilities.
“It is important that affected systems are patched as quickly as possible because of the elevated risks associated with wormable vulnerabilities like these, and downloads for these can be found in the Microsoft Security Update Guide,” wrote Microsoft in a blog post.
“Customers who have automatic updates enabled are automatically protected by these fixes.”
Microsoft also describes Network Level Authentication (NLA) as a partial mitigation for affected systems. With NLA enabled, a client must authenticate before the code path containing the vulnerability is reached, so an unauthenticated attacker cannot exploit it remotely.
However, an attacker who already holds valid credentials for the system can still authenticate and then exploit the RCE, so NLA reduces the wormable exposure but does not replace the patch.
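As an added example (this is not code from the Microsoft post), the following PowerShell audits the exposure described above on a single Windows host: whether Remote Desktop is enabled, whether NLA is required, and whether a given update is installed. It assumes the standard Terminal Server registry values and the `Win32_TSGeneralSetting` WMI class, and it deliberately does not hard-code KB numbers; the operator supplies the KB for their OS build from the Microsoft Security Update Guide. Run it from an elevated PowerShell 3.0 or later session.

```powershell
# Added example, not part of the original article. Audits and enforces the NLA
# mitigation for CVE-2019-1181/1182 on the local host. Requires an elevated session.

$tsKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdpTcp = Join-Path $tsKey 'WinStations\RDP-Tcp'

function Get-RdpExposure {
    # fDenyTSConnections = 0 means Remote Desktop connections are allowed.
    $rdpEnabled = (Get-ItemProperty -Path $tsKey -Name fDenyTSConnections).fDenyTSConnections -eq 0
    # UserAuthentication = 1 means NLA is required: the client must authenticate
    # before a session is created, so unauthenticated attackers never reach the bug.
    $nlaRequired = (Get-ItemProperty -Path $rdpTcp -Name UserAuthentication).UserAuthentication -eq 1

    [pscustomobject]@{
        ComputerName = $env:COMPUTERNAME
        RdpEnabled   = $rdpEnabled
        NlaRequired  = $nlaRequired
        # Worst case for a wormable bug: RDP listening with no authentication gate.
        Exposed      = $rdpEnabled -and -not $nlaRequired
    }
}

function Enable-Nla {
    # Same effect as "Allow connections only from computers running Remote Desktop
    # with Network Level Authentication" in System Properties; applies without a reboot.
    $setting = Get-CimInstance -Namespace 'root\cimv2\TerminalServices' `
                               -ClassName Win32_TSGeneralSetting `
                               -Filter "TerminalName='RDP-Tcp'"
    Invoke-CimMethod -InputObject $setting `
                     -MethodName SetUserAuthenticationRequired `
                     -Arguments @{ UserAuthenticationRequired = [uint32]1 } | Out-Null
}

function Test-PatchInstalled {
    param(
        # The KB(s) that fix CVE-2019-1181/1182 for this OS build, taken from the
        # Security Update Guide. Left as a parameter so nothing is guessed here.
        [Parameter(Mandatory)][string[]]$RequiredKBs
    )
    $installed = Get-HotFix | Select-Object -ExpandProperty HotFixID
    $missing   = $RequiredKBs | Where-Object { $_ -notin $installed }
    [pscustomobject]@{
        ComputerName = $env:COMPUTERNAME
        Patched      = ($missing.Count -eq 0)
        MissingKBs   = $missing
    }
}

# Usage: report, then close the unauthenticated path while the patch is rolled out.
$exposure = Get-RdpExposure
$exposure | Format-List

if ($exposure.Exposed) {
    Write-Warning 'RDP is enabled without NLA; enabling NLA as a partial mitigation.'
    Enable-Nla
}

# Replace 'KB0000000' with the KB for this host's build from the Security Update Guide.
Test-PatchInstalled -RequiredKBs @('KB0000000') | Format-List
```

Two caveats when reading the output. `Get-HotFix` reports the packages Windows has recorded, and a later monthly rollup supersedes an earlier one without listing the old KB, so a "missing" result for an older KB is not by itself proof the host is unpatched; check the build number against the Security Update Guide if in doubt. And an `Exposed = False` result only means the unauthenticated path is closed; anyone with valid credentials can still reach the vulnerable code, which is exactly why Microsoft calls NLA a partial mitigation.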