Microsoft has patched two critical remote code execution vulnerabilities that exist in Remote Desktop Services (formerly known as Terminal Services) as part of a much larger bundle of 93 security updates.
The vulnerabilities, dubbed CVE-2019-1181 and CVE-2019-1182, affect Windows 7 SP1, Windows Server 2008 R2 SP1, Windows Server 2012, Windows 8.1, Windows Server 2012 R2 and all supported versions of Windows 10 (including server versions). They’re especially dangerous as they are wormable, meaning they can spread from system to system without any user interaction.
Windows XP, Windows Server 2003 and Windows Server 2008 are not affected, nor is the Remote Desktop Protocol (RDP) itself. That’s different from the BlueKeep vulnerability from earlier this year which, if you recall, could be exploited via the RDP.
Simon Pope, Director of Incident Response at Microsoft Security Response Center (MSRC), said the vulnerabilities were discovered while working to harden Remote Desktop Services (RDS). Reassuringly, there’s no evidence that the vulnerabilities were known to any third party or exploited in the wild.
Naturally, you’ll want to patch these vulnerabilities as quickly as possible. For most, that simply involves letting Windows do its thing via automatic updates (which means you’ve probably already been patched by the time you read this). Should for some reason you need to grab them manually, you can do so over on Microsoft’s website.
Masthead credit: worm attack by wk1003mike