Microsoft recently announced several critical security vulnerabilities in Microsoft Windows Remote Desktop and Remote Desktop Services. These are remote code execution vulnerabilities that malware can exploit to spread to other systems without any user interaction (referred to as “wormable” vulnerabilities).
As with the recent BlueKeep vulnerability (CVE-2019-0708), unpatched systems may be susceptible to future malware infections. Patches should be applied as soon as possible.
Technical note: Systems using Network Level Authentication (NLA) can mitigate these vulnerabilities by preventing the spread of “wormable” malware, because NLA requires authentication before such a vulnerability can be triggered. However, an attacker who has obtained valid credentials can still spread malware to unpatched systems regardless of whether NLA is in place.
SCTG advises all customers to take the necessary precautions to mitigate these vulnerabilities on their own systems as well.
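A check for the NLA mitigation described in the technical note, as an added example that is not part of the original advisory: it reads the standard Windows Remote Desktop registry settings on the local machine and reports whether RDP is enabled and whether NLA is required. The function name Get-RdpNlaStatus and the wording of the findings are illustrative.

```powershell
# Added example: audits the local RDP configuration for the NLA mitigation.
# Registry locations are the standard Windows Terminal Services settings.
function Get-RdpNlaStatus {
    [CmdletBinding()]
    param()

    $tsKey     = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    $listener  = "$tsKey\WinStations\RDP-Tcp"
    $policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'

    # Read one registry value; return $null when the key or value is absent.
    function Read-Value([string]$Path, [string]$Name) {
        $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
        if ($null -ne $item) { $item.$Name } else { $null }
    }

    # fDenyTSConnections = 0 means Remote Desktop connections are accepted.
    $deny = Read-Value $tsKey 'fDenyTSConnections'
    $rdpEnabled = ($deny -eq 0)

    # A Group Policy value, when present, overrides the local listener setting.
    $policyNla = Read-Value $policyKey 'UserAuthentication'
    $localNla  = Read-Value $listener  'UserAuthentication'
    $effective = if ($null -ne $policyNla) { $policyNla } else { $localNla }
    $nlaRequired = ($effective -eq 1)

    # NLA only narrows exposure; a required-NLA host still needs the patch.
    $finding = if (-not $rdpEnabled) {
        'RDP disabled: not reachable over Remote Desktop'
    } elseif ($nlaRequired) {
        'RDP enabled, NLA required: mitigated against unauthenticated spread, patch still needed'
    } else {
        'RDP enabled, NLA NOT required: reachable before authentication, patch and enable NLA'
    }

    [pscustomobject]@{
        ComputerName = $env:COMPUTERNAME
        RdpEnabled   = $rdpEnabled
        NlaRequired  = $nlaRequired
        NlaSource    = if ($null -ne $policyNla) { 'GroupPolicy' } else { 'LocalSetting' }
        Finding      = $finding
    }
}

Get-RdpNlaStatus | Format-List
```

Run it from an elevated PowerShell session on each host that accepts Remote Desktop connections; it does not verify that the patches themselves are installed.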
How to mitigate the Microsoft vulnerabilities
Microsoft has released a series of patches for all affected operating systems. They can be downloaded from the Microsoft Update Catalog or installed through automatic updates in Windows, and are listed in the advisories below:
- CVE-2019-1181: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1181
- CVE-2019-1182: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1182
If you’re concerned about your patch management resources and strategies, please note that we do offer a comprehensive Patch Management Service where we manage, deploy, and validate updates on your behalf.