View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
August 14, 2019

Microsoft Finds, Patches ANOTHER Wormable Vulnerability

Issues found during RDP hardening

By CBR Staff Writer

Microsoft’s security team have identified and patched another duo of critical wormable vulnerabilities in its Remote Desktop Protocol (RDP). The security flaws could allow malware to propagate from system-to-system without user interaction.

The patches come hot on the heels of the high-profile Bluekeep vulnerability, disclosed by the UK’s National Cyber Security Centre to Microsoft in May. Microsoft warned in the wake of that disclosure that it was “highly likely that malicious actors will write an exploit for this vulnerability and incorporate it into their malware”.

National security agencies urged rapid patching in the wake of that disclosure, fearing an outbreak of another malware like WannaCry, as cybersecurity firms raced to publish expurgated proof-of-concepts of the exploit.

See also: Microsoft Credits NCSC for Critical Bug Find, Pushes Out Unusual Patch

The vulnerabilities disclosed today, CVE-2019-1181/1182, both involve Remote Desktop Protocol (RDP) and would allow an unauthenticated attacker connecting to the target system using RDP to execute arbitrary code on the target system, install programmes, change or delete data, and create new accounts with full user rights.

The vulnerabilities were found by Microsoft as it worked on hardening RDP, which has been found to be riddled with vulnerabilities.

The affected versions of Windows are Windows 7 SP1, Windows Server 2008 R2 SP1, Windows Server 2012, Windows 8.1, Windows Server 2012 R2, and all supported versions of Windows 10, including server versions.

Simon Pope, Director of Incident Response, Microsoft Security Response Center (MSRC), said: “It is important that affected systems are patched as quickly as possible because of the elevated risks associated with wormable vulnerabilities like these, and downloads for these can be found in the Microsoft Security Update Guide.”

Content from our partners
Green for go: Transforming trade in the UK
Manufacturers are switching to personalised customer experience amid fierce competition
How many ends in end-to-end service orchestration?

RDP Vulnerability Disclosure: Comes Amid Flurry of Patch Tuesday Fixes

Chris Goettl, Director of Security Solutions at Ivanti, said that broadly the patches were less substantial than last month’s: “August Patch Tuesday was a pleasant relief after the massive release of updates in July. But don’t sit in your lawn chair and open that cold beverage just yet; you still have some things to do!

“Microsoft resolved a total of 93 unique CVEs this month, but surprisingly there are NO zero-days OR publicly disclosed vulnerabilities! It has been a long time since I remember that happening. One vulnerability of interest is (CVE-2019-9506) titled Encryption Key Negotiation of Bluetooth Vulnerability.

“CERT/CC has issued CVE-2019-9506 and VU#918987 for this tampering vulnerability, which has a CVSS score of 9.3. It requires specialised hardware to exploit but can allow wireless access and disruption within Bluetooth range of the device being attacked. Microsoft provided an update to address the issue, but the new functionality is disabled by default. You must enable the functionality by setting a flag in the registry.”

See also: Remote Desktop Protocols Riddled With Vulns: Check Point Finds 16 Modes of Pwnage

Critical vulnerabilities disclosed this Thursday include:

Chakra Scripting Engine Memory Corruption Vulnerability
CVE-2019-1131, CVE-2019-1139, CVE-2019-1140, CVE-2019-1141, CVE-2019-1195, CVE-2019-1196, CVE-2019-1197
Remote Code Execution

Hyper-V Remote Code Execution Vulnerability
CVE-2019-0720
Remote Code Execution

LNK Remote Code Execution Vulnerability
CVE-2019-1188
Remote Code Execution

Microsoft Graphics Remote Code Execution Vulnerability
CVE-2019-1144, CVE-2019-1145, CVE-2019-1149, CVE-2019-1150, CVE-2019-1151, CVE-2019-1152
Remote Code Execution

Microsoft Outlook Elevation of Privilege Vulnerability
CVE-2019-1204
Elevation of Privilege

Microsoft Outlook Memory Corruption Vulnerability
CVE-2019-1199
Remote Code Execution

Microsoft Outlook Remote Code Execution Vulnerability
CVE-2019-1200
Remote Code Execution

Microsoft Word Remote Code Execution Vulnerability
CVE-2019-1201, CVE-2019-1205
Remote Code Execution

Remote Desktop Services Remote Code Execution Vulnerability
CVE-2019-1181, CVE-2019-1182, CVE-2019-1222, CVE-2019-1226
Remote Code Execution

Scripting Engine Memory Corruption Vulnerability
CVE-2019-1133, CVE-2019-1194
Remote Code Execution

Windows DHCP Client Remote Code Execution Vulnerability
CVE-2019-0736
Remote Code Execution

Windows DHCP Server Remote Code Execution Vulnerability
CVE-2019-1213
Remote Code Execution

Windows Hyper-V Remote Code Execution Vulnerability
CVE-2019-0965
Remote Code Execution

Windows VBScript Engine Remote Code Execution Vulnerability
CVE-2019-1183
Remote Code Execution

Microsoft Live Accounts Elevation of Privilege Vulnerability
ADV190014
Elevation of Privilege

 

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.
THANK YOU