Posts

Showing posts from August, 2019

Patching new wormable vulnerabilities with your Microsoft Remote Desktop

Image
Patching new wormable vulnerabilities with your Microsoft Remote Desktop Microsoft is urging users to patch a series of critical, BlueKeep-like vulnerabilities in Windows that could be used to spread malware and affect as many as 800 million machines. Microsoft released a set of fixes for Remote Desktop Services that include two critical Remote Code Execution (RCE) vulnerabilities, CVE-2019-1181 and CVE-2019-1182. These two vulnerabilities are ‘wormable’, meaning that any future malware that exploits these could propagate from vulnerable computer to vulnerable computer without user interaction. The affected versions of Windows are Windows 7 SP1, Windows Server 2008 R2 SP1, Windows Server 2012, Windows 8.1, Windows Server 2012 R2, and all supported versions of Windows 10, including server versions.  Microsoft not only released these 2 advisories, but they also released updates for 94 vulnerabilities. Of these vulnerabilities, 26 are classified as Critical, meaning that