Two more security issues announced surrounding Remote Code Execution against Remote Desktop Services.

Microsoft released a notice today concerning two vulnerabilities, which would result in a Remote Code Execution vulnerability against the Remote Desktop Services.  These are being tracked under CVE-2019-1181 and CVE-2019-1182. This is akin the previous vulnerability that we notified you on, CVE-2019-0708, aka Bluekeep.

This vulnerability targets the more recent versions of Windows:

• Windows 7 SP1
• Windows Server 2008 R2 SP1
• Windows Server 2012
• Windows 8.1
• Windows Server 2012 R2
• Windows 10, including server versions

Like the previous mentioned vulnerability, these attacks would be ‘wormable’, similar to how the ‘WannaMine’ and other malware variants used the Eternal family of exploits to wreak havoc and still continue to be used laterally in networks.
While currently there is no active exploits against these vulnerabilities and Microsoft has not seen these exploits being utilized in the wild, DATASHIELD recommends patching systems as soon as possible.  The immediate focus should be systems that have RDP exposed to the internet.  Customers who have automatic updates enabled should be protected by these patches already.

DATASHIELD's Content team will continue to monitor these exploits and create alerts surrounding any possible exploitation of these vulnerabilities.

‍

You can find a reference for patching from Microsoft at the following link:

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1182

‍

CVE References:

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1181

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1182

Originally posted on August 13, 2019