Microsoft has released updates for Remote Desktop Services that include fixes for two critical vulnerabilities (CVE-2019-1181 and CVE-2019-1182) which, if exploited, lead to an attacker taking full control of an affected system. Microsoft has stressed the importance of installing the patches that address these vulnerabilities as soon as possible. According to Microsoft, like the BlueKeep vulnerability, these security flaws are “wormable,” meaning an exploit could spread without user interaction across the internet to other vulnerable devices.
The following versions of Windows are affected:
Windows 7, 8.1, 10
Windows Server 2008, 2008 R2, 2012, 2012 R2, 2016, and 2019.
According to Microsoft, at least two of these vulnerabilities (CVE-2019-1181 and CVE-2019-1182) “can be considered ‘wormable’ and [can be equated] to BlueKeep,” referring to a dangerous bug patched earlier this year that Microsoft warned could be used to spread another WannaCry-like ransomware outbreak. “It is highly likely that at least one of these vulnerabilities will be quickly weaponized, and patching should be prioritized for all Windows systems.”
If your workstations are subscribed to a ProACT plan, we will be pushing out these critical updates tonight. Otherwise, we recommend that you take appropriate action and update your systems, including your personal devices, as soon as possible. We are available to help resolve this issue.