Microsoft issued a red alert for all its existing Windows 10 users on Tuesday, urging them to update their operating systems as soon as possible.
It has released its 2 latest security patches for Windows 10 to mitigate 2 new remote code execution (RCE) vulnerabilities: CVE-2019-1181 and CVE-2019-1182.
The vulnerabilities are only present in Windows 10, which runs on more than 900 million devices today.
Both vulnerabilities are found in the Remote Desktop Services (RDS) and are capable of affecting all the in-support versions of Windows.
“The affected versions of Windows are Windows 7 SP1, Windows Server 2008 R2 SP1, Windows Server 2012, Windows 8.1, Windows Server 2012 R2, and all supported versions of Windows 10, including server versions.” Source: MSRC
Microsoft Security Response Center (MSRC) has classified the severity of CVE-2019-1181 and CVE-2019-1182 as critical due to the huge amount of risk associated with them.
The 2 critical RCE flaws are also ‘wormable’, just like the previously fixed ‘BlueKeep’ vulnerability (CVE-2019-0708), as they can also propagate from one physical computer to another without any user interaction.
Currently, Microsoft has no proof that these vulnerabilities were known to any third party. Users who have enabled automatic updates will be automatically protected by the security patches.
What is RCE?
RCE is the ability of a hacker to access someone else’s server or computer and execute malicious code, no matter where the computing device is situated. After this, a hacker can easily install programs, change or delete data or create new user accounts.
You can address an RCE vulnerability by fixing the holes that allow a hacker to gain access. Microsoft often releases security patches for remote desktop vulnerabilities in its monthly Patch Tuesday fixes.
What is RDP?
RDP stands for Remote Desktop Protocol. It is a secure network communications protocol for remote management and access to virtual desktops, applications, and servers.
RDP allows network administrators to remotely diagnose and resolve problems in computing devices located in any part of the world.
What is RDS?
Previously known as Terminal Services, Remote Desktop Services (RDS) allows users to remotely access desktops and Windows applications using an RDP connection.
BlueKeep Was Patched 3 Months Ago by Microsoft
Microsoft patched a similarly critical RCE vulnerability in the RDS platform, known as the BlueKeep vulnerability (CVE-2019-0708), on May 14, 2019.
It is a security flaw that also permits hackers to inject malicious code that can propagate between Windows devices running vulnerable RDS installations.
Windows users also got 4 separate warnings to patch their systems against BlueKeep, one from CISA, followed by 2 from Microsoft, and 1 from the U.S. National Security Agency.
Best Practices to Prevent Wormable Vulnerability in Windows
- Patch ASAP: If your application is supported on Windows 10, update it to the latest version. The best practice is to enable automatic updates.
- Disable RDP: Microsoft advises disabling RDP until the latest patches have been applied. Additionally, you can decrease your attack surface by enabling RDP only on devices where it is really used and required.
- Configure RDP properly: If you have to use RDP, avoid exposing it to the public internet. You can further improve security by using multi-factor authentication and by accessing it via a VPN or firewall application.
- Enable Network Level Authentication (NLA): With NLA enabled, you can mitigate the attacks partially, as NLA requires authentication before the vulnerability can be triggered. However, affected systems are still vulnerable to Remote Code Execution (RCE) exploitation if the attacker has valid credentials that can be used to successfully authenticate.
- Use a reliable multi-layered security solution which can detect and mitigate the on-going attacks.
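The RDP-related checks from the list above, as an added PowerShell example (not part of the original article and not Microsoft's own script): it reports whether RDP is enabled, whether NLA is required, whether the firewall allows RDP on the Public profile, and when the last update was installed. The function name `Get-RdpExposure` is hypothetical; the registry values and the "Remote Desktop" firewall group are the standard Windows ones, assumed here to be on an English-language system.

```powershell
# Added example: read-only audit of the RDP settings named in the list above.
# Run in an elevated session. Get-NetFirewallRule needs Windows 8 / Server 2012
# or later; Group Policy can override the registry values read here.
$tsKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdpKey = "$tsKey\WinStations\RDP-Tcp"

function Get-RdpExposure {   # hypothetical helper name
    # fDenyTSConnections: 0 = RDP enabled, 1 = RDP connections refused
    $deny = (Get-ItemProperty -Path $tsKey -Name fDenyTSConnections).fDenyTSConnections
    # UserAuthentication: 1 = NLA required before a session is set up
    $nla  = (Get-ItemProperty -Path $rdpKey -Name UserAuthentication).UserAuthentication
    $port = (Get-ItemProperty -Path $rdpKey -Name PortNumber).PortNumber

    # Enabled inbound rules in the built-in "Remote Desktop" firewall group
    # (display group name as on English-language Windows)
    $rules = @(Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -ErrorAction SilentlyContinue |
        Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' })
    # A rule on the Public profile (or on all profiles) accepts RDP on untrusted networks
    $public = @($rules | Where-Object { "$($_.Profile)" -match 'Public|Any' })

    # Date of the most recently installed update, as a rough patch-currency signal
    $lastFix = Get-HotFix | Where-Object InstalledOn |
        Sort-Object InstalledOn | Select-Object -Last 1

    [pscustomobject]@{
        RdpEnabled        = ($deny -eq 0)
        NlaRequired       = ($nla -eq 1)
        Port              = $port
        InboundRules      = $rules.Count
        PublicProfileOpen = ($public.Count -gt 0)
        LastUpdateOn      = $lastFix.InstalledOn
        LastUpdateId      = $lastFix.HotFixID
    }
}

$r = Get-RdpExposure
$r | Format-List
if ($r.RdpEnabled -and -not $r.NlaRequired) { Write-Warning 'RDP is enabled without NLA.' }
if ($r.RdpEnabled -and $r.PublicProfileOpen) { Write-Warning 'RDP is allowed on the Public firewall profile.' }

# Remediation, to be applied deliberately (left commented out):
# Set-ItemProperty -Path $rdpKey -Name UserAuthentication -Value 1   # require NLA
# Set-ItemProperty -Path $tsKey  -Name fDenyTSConnections -Value 1   # disable RDP
# Disable-NetFirewallRule -DisplayGroup 'Remote Desktop'             # close the firewall group
```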