4 New BlueKeep-like ‘Wormable’ Windows Remote Desktop Flaws Discovered

The Windows operating system contains four new critical remote code execution vulnerabilities in Remote Desktop Services, similar to the recently patched ‘BlueKeep’ RDP vulnerability.

Whereas BlueKeep only affected Windows XP, Server 2003 and 2008, these vulnerabilities also affect Windows 10 and Server 2012!

This was reported by the Microsoft Security team itself.

Microsoft's security team itself discovered that all four vulnerabilities, CVE-2019-1181, CVE-2019-1182, CVE-2019-1222 and CVE-2019-1226, can be exploited by unauthenticated remote attackers to take control of an affected computer system, without any user interaction being required.

For more information about these vulnerabilities, see the Microsoft Security Response Center:

Patch new wormable vulnerabilities in Remote Desktop Services (CVE-2019-1181/1182)

Today Microsoft released a set of fixes for Remote Desktop Services that include two critical Remote Code Execution (RCE) vulnerabilities, CVE-2019-1181 and CVE-2019-1182. Like the previously-fixed ‘BlueKeep’ vulnerability (CVE-2019-0708), these two vulnerabilities are also ‘wormable’, meaning that any future malware that exploits these could propagate from vulnerable computer to vulnerable computer without user interaction.

The affected versions of Windows are Windows 7 SP1, Windows Server 2008 R2 SP1, Windows Server 2012, Windows 8.1, Windows Server 2012 R2, and all supported versions of Windows 10, including server versions.

Windows XP, Windows Server 2003, and Windows Server 2008 are not affected, nor is the Remote Desktop Protocol (RDP) itself affected.

These vulnerabilities were discovered by Microsoft during hardening of Remote Desktop Services as part of our continual focus on strengthening the security of our products. At this time, we have no evidence that these vulnerabilities were known to any third party.

It is important that affected systems are patched as quickly as possible because of the elevated risks associated with wormable vulnerabilities like these, and downloads for these can be found in the Microsoft Security Update Guide. Customers who have automatic updates enabled are automatically protected by these fixes.

There is partial mitigation on affected systems that have Network Level Authentication (NLA) enabled. The affected systems are mitigated against ‘wormable’ malware or advanced malware threats that could exploit the vulnerability, as NLA requires authentication before the vulnerability can be triggered. However, affected systems are still vulnerable to Remote Code Execution (RCE) exploitation if the attacker has valid credentials that can be used to successfully authenticate.
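To check whether a host actually has the NLA mitigation described above, the following PowerShell audit is an added example, not part of the Microsoft advisory. It assumes the standard Terminal Server registry locations, treats Group Policy values as overriding local ones, and uses a hypothetical function name, `Get-RdpNlaStatus`.

```powershell
# Added example: report whether RDP is enabled on this host and whether
# Network Level Authentication (NLA) is required before a session starts.
function Get-RdpNlaStatus {
    [CmdletBinding()]
    param()

    $tsKey     = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    $rdpTcpKey = "$tsKey\WinStations\RDP-Tcp"
    $policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'

    # Return the registry value, or $null when the key or value is absent.
    function Read-Value($Path, $Name) {
        $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
        if ($null -ne $item) { $item.$Name } else { $null }
    }

    # fDenyTSConnections: 0 = RDP connections allowed, 1 = denied.
    $deny = Read-Value $policyKey 'fDenyTSConnections'
    if ($null -eq $deny) { $deny = Read-Value $tsKey 'fDenyTSConnections' }

    # UserAuthentication: 1 = NLA required, 0 = not required.
    $nlaPolicy = Read-Value $policyKey 'UserAuthentication'
    $nlaLocal  = Read-Value $rdpTcpKey 'UserAuthentication'
    if ($null -ne $nlaPolicy) { $nla = $nlaPolicy; $source = 'GroupPolicy' }
    else                      { $nla = $nlaLocal;  $source = 'LocalSetting' }

    $rdpEnabled  = ($deny -eq 0)   # a missing value is treated as "RDP off"
    $nlaRequired = ($nla -eq 1)

    $assessment =
        if (-not $rdpEnabled) { 'RDP disabled: service not reachable; still install the fixes' }
        elseif ($nlaRequired) { 'NLA on: partial mitigation only; RCE remains possible with valid credentials until patched' }
        else                  { 'NLA off: exposed to unauthenticated exploitation; patch and enable NLA' }

    [pscustomobject]@{
        ComputerName = $env:COMPUTERNAME
        RdpEnabled   = $rdpEnabled
        NlaRequired  = $nlaRequired
        NlaSource    = $source
        Assessment   = $assessment
    }
}

Get-RdpNlaStatus | Format-List
```

The result describes configuration only; it does not tell you whether the security updates are installed, which remains the actual fix.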

 

 

 
