August 2019 Patch Tuesday: Microsoft plugs critical wormable RDP holes

Microsoft Delivers Patch Tuesday Updates for Windows 10

Time to update: BlueKeep RDP vulnerability being actively exploited

Windows PC users are vulnerable to a major security flaw that might allow attackers to take control of the entire system through the Notepad app.

These new vulnerabilities can compromise a computer without the user doing anything, which means that they can spread quickly and autonomously.

In a post on its website, Simon Pope, Director of Incident Response at the Microsoft Security Response Center (MSRC), explained: "Today Microsoft released a set of fixes for Remote Desktop Services that include two critical Remote Code Execution (RCE) vulnerabilities." The affected systems are mitigated against "wormable" malware or advanced malware threats that could exploit the vulnerability, as Network Level Authentication (NLA) requires authentication before the vulnerability can be triggered. But with Amazon Alexa's integration into Windows as a Cortana skill, it appears you'll be able to yell at a laptop or desktop running Alexa, similar to the way you'd command a smart speaker.

CVE-2019-1181 and CVE-2019-1182 are two unauthenticated RDP remote code execution flaws that can be widely exploited through worms, without any user interaction.

Users of Remote Desktop Services are advised to apply the patch that was issued in May, and also to protect the system's Remote Desktop Protocol "listener". Microsoft estimates that more than 800 million devices run Windows 10.

Addresses an issue that may prevent devices from starting up or cause them to continue restarting if they are connected to a domain that is configured to use MIT Kerberos realms. "An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights", Microsoft said.

Simply applying the new updates closes the security hole.

It appears that affected Windows systems are looking for SHA-1 in the update package and ignore SHA-2.

Discovered by Google security researcher Tavis Ormandy, the vulnerability comes via the Windows CTF module.

Microsoft had also warned people repeatedly to patch those vulnerabilities, most recently on August 8, when it said that some 400,000 endpoints remained unprotected.

"After installing this update, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an 'invalid procedure call error'."
