Business owners using supported versions of the Windows operating system are urged to immediately install the latest security updates from Microsoft to mitigate a critical set of vulnerabilities recently identified. These vulnerabilities, four in total, are concerning due to their wormable nature, enabling remote code execution via Remote Desktop Services (RDS). Similar in danger to the ‘BlueKeep’ vulnerability patched in 2019, this new batch presents significant risks for unprotected systems.
The security threats include vulnerabilities registered as CVE-2019-1181, CVE-2019-1182, CVE-2019-1222, and CVE-2019-1226. Discovered by Microsoft’s own security team, these vulnerabilities allow unauthenticated remote attackers to gain control of affected systems without the need for user interaction, presenting a serious threat to businesses and organizations relying on these systems.
In line with the characteristics of wormable vulnerabilities, these flaws could enable malware to spreading automatically from one compromised machine to another. Microsoft has identified these threats as capable of allowing attackers code execution at the system level by transmitting specially crafted pre-authentication RDP packets to affected servers. The compromised versions of Windows include Windows 7 SP1, Windows Server 2008 R2 SP1, Windows Server 2012, Windows 8.1, Windows Server 2012 R2, as well as all supported versions of Windows 10 and Server editions.
Importantly, while the first two vulnerabilities affect a broad range of Windows operating systems, the latter two vulnerabilities (CVE-2019-1222 and CVE-2019-1226) are specifically limited to Windows 10 and Server Editions. Microsoft has noted that outdated systems like Windows XP and Windows Server 2003 are not affected by these vulnerabilities.
The root of these vulnerabilities lies within the Remote Desktop Services, previously referred to as Terminal Services. This causes concern as they can be exploited via specially crafted requests sent over the RDP protocol. Despite the severity of these vulnerabilities, Microsoft stresses that there is no evidence of active exploitation in the wild.
Given the potential for extensive damage akin to prior incidents like the WannaCry and NotPetya malware attacks, it is crucial for businesses to act swiftly. Both availability and safety through timely patching can prevent attackers from leveraging these vulnerabilities effectively.
Microsoft’s August 2019 Patch Tuesday updates were extensive, addressing 89 vulnerabilities, of which 25 were classified as critical and 64 as important. The majority of these critical vulnerabilities impact various Windows 10 versions and server editions, mostly focusing on essential components like the Chakra Scripting Engine, Windows Graphics Device Interface (GDI), and products such as Office and Internet Explorer.
Businesses should prioritize applying these latest patches without delay, given that many critical vulnerabilities also enable elevation of privilege and potential exposure to denial-of-service attacks. System administrators are encouraged to initiate updates via the Settings menu or consider manual installations for immediate coverage.
Take prompt action to safeguard your systems and stay informed on future vulnerabilities and protective measures to mitigate the risks posed by ever-evolving cyber threats.