Microsoft Patches Wormable RCE Vulns in Remote Desktop Services

Similar to the now-patched BlueKeep vulnerability, two flaws fixed today could let malware spread across vulnerable computers.

Microsoft today released 93 fixes and two advisories as part of its monthly Patch Tuesday update. Of these, 64 were categorized as Important in severity and 29 were ranked Critical.
Patching priority should be given to two wormable remote code execution (RCE) vulnerabilities that could allow future malware to spread across vulnerable machines without user interaction.
CVE-2019-1181
and
CVE-2019-1182
affect Windows 8.1, Windows 7 SP1, Windows Server 2008 R2 SP1, Windows Server 2012, Windows Server 2012 R2, and all supported versions of Windows 10, including server versions. They do not affect Windows XP, Windows Server 2008, Windows Server 2008, or the Remote Desktop Protocol (RDP) itself. Like the
BlueKeep
RDP vulnerability patched this year, both could let an attacker remotely install and spread malware.
The vulnerabilities exist in Remote Desktop Services, formerly known as Terminal Services, when an unauthenticated attacker connects to a target system using RDP and sends specially crafted requests. Because they dont require authentication or user interaction, an attacker could install programs; view, edit, or delete data; or create new accounts with full user rights.
To exploit CVE-2019-1181 and CVE-2019-1182, an attacker would have to use RDP to send a specially crafted request to the target systems RDS. Todays update corrects how Remote Desktop Services handles connection requests. Neither bug has been seen in the wild.
These vulnerabilities were discovered by Microsoft during hardening of Remote Desktop Services as part of our continual focus on strengthening the security of our products,
writes
Simon Pope, director of incident response for Microsofts Security Response Center. At this time, we have no evidence that these vulnerabilities were known to any third party.
Pope also points to a partial mitigation on affected systems with Network Level Authentication (NLA) enabled. Because NLA requires authentication before the flaw can be exploited, these systems are protected from wormable malware, he says. However, they are still vulnerable to RCE if attackers possess valid credentials they can use to authenticate.
Two additional vulnerabilities patched today,
CVE-2019-1222
and
CVE-2019-1226
, are also Critical RCE bugs in RDS but, unlike the previously mentioned bugs, theyre not wormable.
Those aside, patches issued today address bugs in Windows, Edge, Internet Explorer, Microsoft Office, Microsoft Office Services and Web Apps, ChakraCore, Azure DevOps Server, Visual Studio, Online Services, and Microsoft Dynamics. None were publicly known or under attack.
Another vulnerability worth noting is
CVE-2019-1201
, a Critical RCE bug in Microsoft Word resulting from improper handling of objects in memory. An attacker could exploit this by creating a specially crafted Word file and convincing a victim to open it, either by attaching it to an email or hosting it on a malicious website. Outlooks Reading/Preview Pane is an attack vector, meaning victims wouldnt have to open an attachment to be exploited; they could simply view the email. If successful, an attacker could achieve the same permissions a target user has on the system.
It was a big month for patching, especially RCE vulnerabilities: Microsoft also fixed RCE bugs in the Chakra Scripting Engine, Microsoft Graphics, Hyper-V, Outlook, Word, the Windows DHCP client, Scripting Engine, and the VBScript Engine.

Last News
▸ Black Hat 2013 trainings focus on Incident Response and Malware. ◂ Discovered: 26/12/2024 Category: security	▸ Black Hat 2013 highlights Home Security, Bootkits, Cell OPSEC shortcomings. ◂ Discovered: 26/12/2024 Category: security	▸ Google and DISA start User ID project. ◂ Discovered: 26/12/2024 Category: security

**Cyber Security Categories**
Google Dorks Database	Exploits Vulnerability	Exploit Shellcodes

CVE List

Tools/Apps

News/Aarticles

Phishing Database

Deepfake Detection

Trends/Statistics & Live Infos

Tags:
Microsoft Patches Wormable RCE Vulns in Remote Desktop Services