Microsoft has released patches for the two critical remote code execution (RCE) vulnerabilities recently discovered in the Remote Desktop Services (RDS). The vulnerabilities posed a threat to all currently supported versions of Windows, including Windows 10.
The Microsoft Security Response Center (MSRC) is urging all Windows users to patch the security flaws on their computers as soon as possible because of the risks associated with these wormable vulnerabilities.
The two flaws are known by the names CVE-2019-1181 and CVE-2019-1182. Much like the infamous "BlueKeep" vulnerability that was patched not too long ago, the two vulnerabilities are "wormable." This means that if someone were to program malware that exploited these vulnerabilities, that malware could jump from one computer to another without any interaction on the users' part, according to Simon Pope, the MSRC Director of Incident Response.
Pope explained that the affected Windows versions are Windows 7 SP2, Windows Server 2008 R2 SP1, Windows Server 2012, Windows Server 2012 R2, Windows 8.1, and all currently supported versions of Windows 10.
Pope also clarified that the Remote Desktop Protocol (RDP) itself was unaffected by the security flaws, and that they do not affect unsupported versions of Windows, including Windows Server 2003, Windows Server 2008, and Windows XP.
Attackers are able to exploit the vulnerabilities by sending a specially crafted request over RDP to the Remote Desktop Service of an unpatched Windows system.
The security update that Microsoft released recently will address these flaws by correcting how the Remote Desktop Service handles all connection requests, according to Microsoft.
Pope explained how the vulnerability was discovered by saying, "These vulnerabilities were discovered by Microsoft during hardening of Remote Desktop Services as part of our continual focus on strengthening the security of our products. At this time, we have no evidence that these vulnerabilities were known to any third party."
If a user is unable to patch their system right now, Microsoft did reveal a way to mitigate the damage until the fix can be applied. Users can protect themselves against the wormable component of the security flaws by enabling Network Level Authentication (NLA), because NLA requires administrator authentication, which prevents the vulnerability from being triggered.
This fix isn’t perfect though, as Pope further explained in the blog published by Microsoft. An affected system is still vulnerable to the Remote Code Execution (RCE) exploit if the person attacking the system has valid credentials and can authorise the connection.
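To confirm that the NLA mitigation described above is actually in effect on a host, the following check can be run locally. It is an added example, not code from Microsoft or the original article; the function name `Get-NlaStatus` is hypothetical, and the registry paths and value names are the standard Windows ones rather than anything the article states.

```powershell
# Added example: audit (and optionally enable) NLA on the local RDP listener.
# Get-NlaStatus is a hypothetical name; registry locations are assumptions
# based on standard Windows configuration, not taken from the article.
function Get-NlaStatus {
    [CmdletBinding()]
    param([switch]$Enforce)   # -Enforce sets UserAuthentication=1 (needs elevation)

    $ts       = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    $listener = "$ts\WinStations\RDP-Tcp"
    $policy   = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'

    # Returns $null when the key or value is absent instead of throwing.
    function Read-Value($Path, $Name) {
        (Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue).$Name
    }

    if ($Enforce) {
        Set-ItemProperty -Path $listener -Name UserAuthentication -Value 1 -Type DWord
    }

    # A Group Policy value, when present, overrides the local setting.
    $gpoDeny = Read-Value $policy 'fDenyTSConnections'
    $gpoNla  = Read-Value $policy 'UserAuthentication'
    $deny = if ($null -ne $gpoDeny) { $gpoDeny } else { Read-Value $ts 'fDenyTSConnections' }
    $nla  = if ($null -ne $gpoNla)  { $gpoNla }  else { Read-Value $listener 'UserAuthentication' }

    $rdpOn = ($deny -eq 0)    # 0 = Remote Desktop accepts connections
    $nlaOn = ($nla -eq 1)     # 1 = NLA required before a session is created

    # NLA only blocks the unauthenticated path, so the patch is still needed.
    if (-not $rdpOn)  { $assessment = 'RDP disabled' }
    elseif ($nlaOn)   { $assessment = 'NLA required; install the update' }
    else              { $assessment = 'RDP reachable without NLA; patch or enable NLA' }

    [pscustomobject]@{
        Computer    = $env:COMPUTERNAME
        RdpEnabled  = $rdpOn
        NlaRequired = $nlaOn
        NlaSource   = if ($null -ne $gpoNla) { 'GroupPolicy' } else { 'LocalSetting' }
        Assessment  = $assessment
    }
}

Get-NlaStatus | Format-List
```

Running `Get-NlaStatus -Enforce` from an elevated prompt changes only the local listener setting; if Group Policy sets the value, the policy still wins and must be changed there.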