New Wormable Flaws in Windows Remote Desktop Services

Code on the screen

Do you remember BlueKeep? Microsoft patched this vulnerability in May this year but are we all protected? Sadly, the answer is no.

Recently, some new security flaws are discovered in Windows Remote Desktop Services. Just like BlueKeep (CVE-2019-0708), these flaws are also “wormable”. This means that hackers and people with malicious intents can use these vulnerabilities to attack users from computer to computer without any user interaction.

Fortunately, Microsoft found these flaws internally while working to harden the security of the Remote Desktop Services (RDS) package. Microsoft officials did not find any evidence suggesting that these vulnerabilities were known to any third-party user.

Fixes for these flaws have already been released.  The updates released for Microsoft RDS addresses the security flaws by modifying how RDS handles the connection request.

Who Can Be Affected?

According to Simon Pope, Director of Incident Response at the Microsoft Security Response Center (MSRC), “The affected versions of Windows are Windows 7 SP1, Windows Server 2008 R2 SP1, Windows Server 2012, Windows 8.1, Windows Server 2012 R2, and all supported versions of Windows 10, including server versions. Windows XP, Windows Server 2003, and Windows Server 2008 are not affected“.

If you are running any of these Windows versions, it is advisable to update your system as soon as possible. The security flaws are severe. The earlier you install the Microsoft updates, the earlier and better you’ll be protected against wormable attacks.

The Severity of RDS Wormable Flaws

Vulnerability is discovered internally and patches have been released to address the flaws. No damage experienced. So, what’s the hype about? Well, the problem is more severe than you may have realized.

According to Kevin Beaumont, an independent security researcher, “the vulnerabilities include the latest versions of Windows, not just older versions like in BlueKeep. There will be a race between organizations to patch systems before people reverse engineer the vulnerability from the patches to learn how to exploit them. My message would be: keep calm and patch.”

If an attacker successfully exploits this flaw, they can access an unauthorized system from a remote location, execute arbitrary code on the system, install files, view and modify data, and even create new accounts with complete user rights.

This is why it is important to update your systems as soon as possible. Leaving on Network Level Authentication (NLA) can provide security against such attacks to some extent but with ever-evolving hacking techniques and tools, hackers can even find the required credentials.

Therefore, it is better if you let professionals handle the job for you and provide you with a protected environment that minimizes the risk of data breaches and exploitation. Call IT and security experts to talk about Managed IT Services. They will keep your office’s technology up-to-date and running smoothly.

References