Microsoft warns of 4 new ‘wormable’ flaws in Windows Remote Desktop Services

Microsoft warns of 4 new ‘wormable’ flaws in Windows Remote Desktop Services

Earlier this week Microsoft said it patched two new major security flaws in the Windows Desktop Services package.

"An attacker can get code execution at the system level by sending a specially crafted pre-authentication RDP packet to an affected RDS server," Microsoft warned.

"The affected versions of Windows are Windows 7 SP1, Windows Server 2008 R2 SP1, Windows Server 2012, Windows 8.1, Windows Server 2012 R2, and all supported versions of Windows 10, including server versions."


These two vulnerabilities are similar to the vulnerability known as BlueKeep (CVE-2019-0708). Microsoft patched BlueKeep in May and warned that attackers could abuse it to create "wormable" attacks that spread from one computer to another without user interaction. No bueno.

Also this week, Microsoft said it patched two other BlueKeep-like security vulnerabilities, namely CVE-2019-1181 and CVE-2019-1182.

As with BlueKeep, these two new bugs are wormable, and they also reside in the Windows Remote Desktop Services (RDS) package.

However, unlike BlueKeep, these two cannot be exploited via the Remote Desktop Protocol (RDP), which is normally part of the bigger RDS package.

Make sure you keep your Windows computers patched. Your Macs, too!  If you have any questions or concerns, please feel free to contact us anytime. We can quickly determine your patch level and make sure your computers are updating automatically. You'll just have to be willing to reboot your computer once in a while to actually apply those patches. I'm talking to you, Road Warriors!

Plexus IT (818) 293-5592