Free Republic

4 New BlueKeep-like 'Wormable' Windows Remote Desktop Flaws Discovered
The Hacker News ^ | August 13, 2019 | Swati Khandelwal

Posted on 08/15/2019 4:12:46 AM PDT by rarestia

If you are using any supported version of the Windows operating system, stop everything and install the latest security updates from Microsoft immediately.

The Windows operating system contains four new critical, wormable remote code execution vulnerabilities in Remote Desktop Services, similar to the recently patched 'BlueKeep' RDP vulnerability.

Discovered by Microsoft's security team itself, all four vulnerabilities, CVE-2019-1181, CVE-2019-1182, CVE-2019-1222, and CVE-2019-1226, can be exploited by unauthenticated, remote attackers to take control of an affected computer system without requiring any user interaction.

Just like the BlueKeep RDP flaw, all four newly discovered vulnerabilities are also wormable and could be exploited by potential malware to propagate itself from one vulnerable computer to another automatically.

"An attacker can get code execution at the system level by sending a specially crafted pre-authentication RDP packet to an affected RDS server," Microsoft warned.

"The affected versions of Windows are Windows 7 SP1, Windows Server 2008 R2 SP1, Windows Server 2012, Windows 8.1, Windows Server 2012 R2, and all supported versions of Windows 10, including server versions."

Though the first two vulnerabilities affect all supported versions of the Windows operating system, the second set of flaws (1222 and 1226) only affects Windows 10 and Windows Server Editions.

The new vulnerabilities affect neither Windows XP, Windows Server 2003, and Windows Server 2008 nor the Remote Desktop Protocol (RDP) itself, which Microsoft developed for Remote Desktop Services.

Instead, the vulnerabilities reside in Remote Desktop Services (formerly known as Terminal Services) and could be exploited by unauthenticated, remote attackers by sending specially crafted requests over the RDP protocol to a targeted system.

Besides this, Microsoft also says that the company has found "no evidence that these vulnerabilities were known to any third party," or were being exploited in the wild.

"It is important that affected systems are patched as quickly as possible because of the elevated risks associated with wormable vulnerabilities like these," Microsoft strongly recommended.

If left unpatched, these security vulnerabilities could allow attackers to spread wormable malware in a way similar to how the infamous WannaCry and NotPetya malware spread across the globe in 2017.

Microsoft August 2019 Patch Tuesday Updates

Besides these four critical security flaws, Microsoft has also patched 89 vulnerabilities as part of the company's monthly batch of software security updates for August, 25 of which are rated critical and 64 important in severity.

The August 2019 Patch Tuesday security updates include patches for various supported versions of Windows and other Microsoft products, including Internet Explorer, Edge, Office, ChakraCore, Visual Studio, Online Services, and Active Directory Microsoft Dynamics.

All critical vulnerabilities listed this month impact various versions of the Windows 10 operating system and Server editions and mostly reside in the Chakra Scripting Engine, with some also residing in Windows Graphics Device Interface (GDI), Word, Outlook, Hyper-V, and VBScript Engine, LNK, and Windows DHCP Server.

Some important-rated vulnerabilities also lead to remote code execution attacks, while the majority of them allow elevation of privilege, denial of service, information disclosure, security bypass, spoofing, tampering, and cross-site scripting attacks.

Users and system administrators are highly recommended to apply the latest security patches as soon as possible to keep cybercriminals and hackers away from taking control of their computers.

For installing the latest security updates, you can head on to Settings → Update & Security → Windows Update → Check for updates on your computer, or you can install the updates manually.


TOPICS: Computers/Internet
KEYWORDS: windows
I already know where this thread is going to go with the inevitable "Upgrade to Mint" or "Microsoft can pry Windows XP from my cold dead hands," but seriously, install this patch! I work in the IT security sector and can tell you that this one is bad. It WILL be exploited in the very near future.
1 posted on 08/15/2019 4:12:46 AM PDT by rarestia

To: rarestia

Can’t we successfully turn off RDP?


2 posted on 08/15/2019 4:18:29 AM PDT by ConservativeMind (Trump: Befuddling Democrats, Republicans, and the Media for the benefit of the US and all mankind.)

To: rarestia

Thanks, I downloaded the security updates while reading the article.


3 posted on 08/15/2019 4:19:27 AM PDT by deks

To: ConservativeMind
You can disable it, sure.

Disable Windows Remote Desktop

4 posted on 08/15/2019 4:20:26 AM PDT by rarestia (Repeal the 17th Amendment and ratify Article the First to give the power back to the people!)

To: rarestia

Folks, disable RDP and you should be okay.

Disable it, anyway, even if you plan to do the update.

https://www.laptopmag.com/articles/disable-remote-desktop


5 posted on 08/15/2019 4:20:58 AM PDT by ConservativeMind (Trump: Befuddling Democrats, Republicans, and the Media for the benefit of the US and all mankind.)

To: rarestia

Bfl


6 posted on 08/15/2019 4:22:57 AM PDT by pigsmith (Liberals can't make the connection between their politics and the decline of everything around them.)

To: rarestia

Every time Win 10 updates it does it several times, crashes and has to uninstall for whatever reason and I wait for the “updating” circle and % shxt then “uninstalling updates” which can take a couple hrs over all.

Then I search for some “unique” MS BS that will allow the upgrade if I’m having problems with the “latest” update. It’s endless......


7 posted on 08/15/2019 4:55:08 AM PDT by maddog55

To: rarestia

My W10 Home says it doesn’t support RemoteDesktop. I always disable any program that would allow another PC to connect...


8 posted on 08/15/2019 5:08:07 AM PDT by jeffc (The U.S. media are our enemy)

To: jeffc

If your PC is connected to any network, wireless or wired, another PC can connect to it. More common protocols like RDP are just what the public understands. RPC, DCOM, and WMI are examples of other Microsoft protocols that allow access to your computer remotely, but they’re more secure than RDP in some ways.


9 posted on 08/15/2019 5:15:50 AM PDT by rarestia (Repeal the 17th Amendment and ratify Article the First to give the power back to the people!)

To: rarestia; Abby4116; afraidfortherepublic; aft_lizard; AF_Blue; AppyPappy; arnoldc1; ATOMIC_PUNK; ...
Windows 10 Update --CRITICAL-- ... PING!

You can find all the Windows Ping list threads with FR search: just search on keyword "windowspinglist".

 
 

DO IT! JUST DO IT!

10 posted on 08/15/2019 5:56:26 AM PDT by dayglored ("Listen. Strange women lying in ponds distributing swords is no basis for a system of government."`)

To: ConservativeMind; rarestia
> Folks, disable RDP and you should be okay. Disable it, anyway, even if you plan to do the update.

Which is fine, unless you need to use RDP. You'd be surprised...

Especially at any place of business.

11 posted on 08/15/2019 5:58:22 AM PDT by dayglored ("Listen. Strange women lying in ponds distributing swords is no basis for a system of government."`)

To: rarestia

Why not go proactive. ID the hackers and blow them away with a drone.


12 posted on 08/15/2019 5:59:32 AM PDT by Mouton (The media is the enemy of the people.)

To: maddog55

Yep... And the hits keep on coming. Only 89 patches for all versions going back 10 years.


13 posted on 08/15/2019 6:01:45 AM PDT by Openurmind

To: Mouton

This particular vulnerability is not exploited (yet). It was discovered by Microsoft while working through hardening of the RDP security layer.


14 posted on 08/15/2019 6:03:51 AM PDT by rarestia (Repeal the 17th Amendment and ratify Article the First to give the power back to the people!)

To: rarestia

Yep, mine woke up on its own a couple times even though RDP was off. I happened to hear the fan come on and the display light up and I jumped out of bed to hold down the power button before it could fully boot. Someone had powered it up remotely. Haven’t trusted MS since.


15 posted on 08/15/2019 6:11:13 AM PDT by Openurmind

To: Openurmind

Not necessarily. You have a task scheduler on your system, much like Linux cron, and certain tasks can be configured to wake the computer. Often enough your mouse and keyboard are configured to wake the computer from sleep, and if a cat, dog, or wayward critter hits a button or wiggles the mouse, it will wake your machine.

You can go into Windows event viewer > System log, and look for event ID 1 (Power-Troubleshooter) to show you the wake events and what kicked them off.


16 posted on 08/15/2019 6:18:16 AM PDT by rarestia (Repeal the 17th Amendment and ratify Article the First to give the power back to the people!)
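
The Event Viewer check described in reply 16 can also be scripted. The following PowerShell is an added example, not part of the original thread: it pulls the Power-Troubleshooter wake events from the System log, extracts the wake source, and lists the devices, timers and scheduled tasks that are currently allowed to wake the machine. The function name `Get-WakeHistory` is made up for illustration, and the "Wake Source" text match assumes an English-language Windows install.

```powershell
# Added example: list recent wake events and what caused them.
# Get-WakeHistory is a hypothetical helper name used only in this example.
function Get-WakeHistory {
    param([int]$Days = 14)

    $filter = @{
        LogName      = 'System'
        ProviderName = 'Microsoft-Windows-Power-Troubleshooter'
        Id           = 1
        StartTime    = (Get-Date).AddDays(-$Days)
    }

    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue | ForEach-Object {
        # The rendered message contains a "Wake Source: ..." line (English systems).
        $source = if ($_.Message -match 'Wake Source:\s*(.+)') { $Matches[1].Trim() } else { 'Unknown' }
        [pscustomobject]@{ Time = $_.TimeCreated; WakeSource = $source }
    }
}

# Chronological list, then a count per wake source.
Get-WakeHistory | Sort-Object Time | Format-Table -AutoSize
Get-WakeHistory | Group-Object WakeSource | Sort-Object Count -Descending |
    Select-Object Count, Name

# Scheduled tasks that are permitted to wake the computer.
Get-ScheduledTask | Where-Object { $_.Settings.WakeToRun } |
    Select-Object TaskPath, TaskName, State

# What woke the machine last, and which devices and timers are armed to wake it.
powercfg /lastwake
powercfg /devicequery wake_armed
powercfg /waketimers    # needs an elevated prompt
```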

To: rarestia

Just don’t open port 3389 on your router’s firewall.


17 posted on 08/15/2019 6:35:33 AM PDT by miliantnutcase
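
Several replies above suggest disabling Remote Desktop or keeping port 3389 closed. The following PowerShell is an added example, not part of the original thread, that reports whether a machine is actually accepting Remote Desktop connections and offers a function to turn it off. The function names are made up for illustration; it assumes Windows 8.1/10 or Server 2012 and later (for the `Get-NetTCPConnection` and `Get-NetFirewallRule` cmdlets), an elevated prompt, and the English firewall group name 'Remote Desktop'.

```powershell
# Added example: audit local Remote Desktop exposure. Read-only unless Disable-Rdp is called.
# Get-RdpExposure and Disable-Rdp are hypothetical helper names used only in this example.
$tsKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdpKey = "$tsKey\WinStations\RDP-Tcp"

function Get-RdpExposure {
    $ts   = Get-ItemProperty -Path $tsKey
    $rdp  = Get-ItemProperty -Path $rdpKey
    $port = [int]$rdp.PortNumber    # 3389 unless it has been changed

    # Is anything listening on the configured RDP port?
    $listeners = @(Get-NetTCPConnection -State Listen -LocalPort $port -ErrorAction SilentlyContinue)

    # Enabled inbound rules in the built-in firewall group (English display name).
    $rules = @(Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -ErrorAction SilentlyContinue |
        Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' })

    [pscustomobject]@{
        RdpEnabled      = ($ts.fDenyTSConnections -eq 0)    # 1 means connections are denied
        # Network Level Authentication: the client must authenticate before a session is set up.
        # Not discussed in the thread; reported here for context.
        NlaRequired     = ($rdp.UserAuthentication -eq 1)
        Port            = $port
        ServiceStatus   = (Get-Service -Name TermService).Status
        Listening       = ($listeners.Count -gt 0)
        FirewallRulesOn = $rules.DisplayName
    }
}

function Disable-Rdp {
    # Deny new Remote Desktop connections and close the matching firewall rules.
    Set-ItemProperty -Path $tsKey -Name fDenyTSConnections -Value 1
    Disable-NetFirewallRule -DisplayGroup 'Remote Desktop'
}

Get-RdpExposure | Format-List
```

This only describes the local machine. Whether port 3389 is reachable from the internet also depends on the router or perimeter firewall, as reply 17 points out.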

To: ConservativeMind

Hmmmm...my version of WIN10 (Home) does not support remote desktop....yippee


18 posted on 08/15/2019 7:14:05 AM PDT by goodnesswins (White Privilege EQUALS Self Control & working 50-80 hrs/wk for 40 years!)

To: rarestia

I am fairly versed in how it works, been into it since the 80s and have NEVER allowed self driving configurations or tasks from any of my computers. When I am not on it I power down and it is down, and after those two events years ago I also make sure and disconnect all possible connections when I power down. I still practice these habits even now with Linux. The remote events were indeed in my logs as not local, someone came in a backdoor and powered it up, and they tried to do it twice before I started my habit of disconnecting everything when I’m not on it.


19 posted on 08/15/2019 7:16:41 AM PDT by Openurmind

To: rarestia

There is a PAUSE setting for updates under Settings, Advanced Options....mine is set for Aug 29...I DID NOT SET THIS....and I cannot reset it, except till Aug 16th....HELP


20 posted on 08/15/2019 7:42:09 AM PDT by goodnesswins (White Privilege EQUALS Self Control & working 50-80 hrs/wk for 40 years!)

