The Hacker News Logo
Subscribe to Newsletter

lundi 19 août 2019

4 New BlueKeep-like 'Wormable' Windows Remote Desktop Flaws Discovered

If you are using any supported version of the Windows operating system, stop everything and install the latest security updates from Microsoft immediately.

Windows operating system contains four new critical wormable, remote code execution vulnerabilities in Remote Desktop Services, similar to the recently patched 'BlueKeep' RDP vulnerability.

Discovered by Microsoft's security team itself, all four vulnerabilities, CVE-2019-1181, CVE-2019-1182, CVE-2019-1222, and CVE-2019-1226, can be exploited by unauthenticated, remote attackers to take control of an affected computer system without requiring any user interaction.

Just like BlueKeep RDP flaw, all four newly discovered vulnerabilities are also wormable and could be exploited by potential malware to propagate itself from one vulnerable computer to another automatically.

    "An attacker can get code execution at the system level by sending a specially crafted pre-authentication RDP packet to an affected RDS server," Microsoft warned.

    "The affected versions of Windows are Windows 7 SP1, Windows Server 2008 R2 SP1, Windows Server 2012, Windows 8.1, Windows Server 2012 R2, and all supported versions of Windows 10, including server versions."


Though the first two vulnerabilities affect all supported versions of the Windows operating system, the second set of flaws (1222 and 1226) only affects Windows 10 and Windows Server Editions.

The new vulnerabilities neither affect Windows XP, Windows Server 2003, and Windows Server 2008 nor affect Remote Desktop Protocol (RDP) itself that Microsoft developed for the Remote Desktop Services.

Instead, the vulnerabilities reside in Remote Desktop Services—formerly known as Terminal Services—could be exploited by unauthenticated, remote attackers by sending specially crafted requests over RDP protocol to a targeted system.

Besides this, Microsoft also says that the company has found "no evidence that these vulnerabilities were known to any third party," or being exploited in the wild.

    "It is important that affected systems are patched as quickly as possible because of the elevated risks associated with wormable vulnerabilities like these," Microsoft strongly recommended.


If left unpatched, these security vulnerabilities could allow attackers to spread wormable malware in a similar way as the infamous WannaCry and NotPetya malware was spread across the globe in 2017.

Microsoft August 2019 Patch Tuesday Updates

Besides these four critical security flaws, Microsoft has also patched 89 vulnerabilities as part of the company's monthly batch of software security updates for August, 25 of which are rated critical and 64 important in severity.


The August 2019 Patch Tuesday security updates include patches for various supported versions of Windows and other Microsoft products, including Internet Explorer, Edge, Office, ChakraCore, Visual Studio, Online Services, and Active Directory Microsoft Dynamics.

All critical vulnerabilities listed this month impact various versions of Windows 10 operating system and Server editions and mostly reside in Chakra Scripting Engine, with some also reside in Windows Graphics Device Interface (GDI), Word, Outlook, Hyper-V, and VBScript Engine, LNK, and Windows DHCP Server.

Some important-rated vulnerabilities also lead to remote code execution attacks, while the majority of them allow elevation of privilege, denial of service, information disclosure, security bypass, spoofing, tampering, and cross-site scripting attacks.

Users and system administrators are highly recommended to apply the latest security patches as soon as possible to keep cybercriminals and hackers away from taking control of their computers.

For installing the latest security updates, you can head on to Settings → Update & Security → Windows Update → Check for updates on your computer, or you can install the updates manually.

Have something to say about this article? Comment below or share it with us on Facebook, Twitter or our LinkedIn Group.
Read more