BlueKeep-like Vulnerabilities in Windows
Patching new wormable vulnerabilities in MS Remote Desktop
Microsoft is urging users to patch a series of critical, BlueKeep-like vulnerabilities in Windows that could be used to spread malware and affect as many as 800 million machines. Microsoft released a set of fixes for Remote Desktop Services that address two critical Remote Code Execution (RCE) vulnerabilities, CVE-2019-1181 and CVE-2019-1182.
These two vulnerabilities are ‘wormable’, meaning that any future malware that exploits them could propagate from vulnerable computer to vulnerable computer without user interaction. The affected versions of Windows are Windows 7 SP1, Windows Server 2008 R2 SP1, Windows Server 2012, Windows 8.1, Windows Server 2012 R2, and all supported versions of Windows 10, including server versions.
Microsoft not only released these 2 advisories, but also released updates for 94 vulnerabilities. Of these vulnerabilities, 26 are classified as Critical, meaning that if these updates are not applied as soon as possible, your computer will be vulnerable.
If you are not an MJJT customer yet, please act fast to seek protection by going to www.mjjt.us and filling out the request form. Someone from our Cyber Security team will contact you promptly. You may also email us or call us at 212-868-0688.