Today Microsoft publicly released a set of fixes for Remote Desktop Services.
These include two critical fixes for Remote Code Execution (RCE) vulnerabilities, CVE-2019-1181 and CVE-2019-1182.
Like CVE-2019-0708, both fall into the “wormable” category: malware that exploits them can propagate itself without any user interaction at all.
Here’s a list of all affected versions of Windows:
- Windows 7 SP1
- Windows Server 2008 R2 SP1
- Windows Server 2012
- Windows 8.1
- Windows Server 2012 R2
- All supported versions of Windows 10, including server versions.
It should be noted that Windows XP, Windows Server 2003, and Windows Server 2008 are not affected, nor is the Remote Desktop Protocol itself.
CVE-2019-1181 and CVE-2019-1182 were discovered by Microsoft during a routine effort to harden Remote Desktop Services.
Microsoft also states that there is no evidence that any third party knew of these vulnerabilities, and recommends that all vulnerable systems be updated as soon as possible.
If you don’t have automatic updates enabled, the updates can be found in the Microsoft Security Update Guide.
Systems that do have automatic updates enabled will be updated immediately.
Systems that have Network Level Authentication (NLA) enabled are partially protected against such threats.
With NLA enabled, vulnerable systems are protected against the wormable or advanced malware that would otherwise affect them.
This is because NLA requires authentication before the vulnerability can be triggered, so those threats cannot reach the vulnerable code without first authenticating.
Note, however, that these systems are still vulnerable to Remote Code Execution (RCE) exploitation.
That’s because any attacker who has valid credentials can authenticate and so get past the protection that Network Level Authentication provides.
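
To see where a given machine stands with respect to the NLA mitigation described above, the following PowerShell reports whether Remote Desktop is enabled and whether NLA is required. It is an added example, not part of the original article or Microsoft's guidance; the function names `Get-RegValue` and `Get-RdpNlaStatus` are hypothetical, and it assumes the standard Terminal Server registry locations and an elevated local session.

```powershell
# Added example (not from the original article): report whether this host
# accepts RDP connections and whether NLA is required for them.
function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or the value does not exist.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name } else { $null }
}

function Get-RdpNlaStatus {
    $ts     = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    $rdpTcp = Join-Path $ts 'WinStations\RDP-Tcp'
    # Group Policy settings, when present, override the local configuration.
    $policy = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'

    $deny = Get-RegValue $policy 'fDenyTSConnections'
    if ($null -eq $deny) { $deny = Get-RegValue $ts 'fDenyTSConnections' }

    $nla = Get-RegValue $policy 'UserAuthentication'
    if ($null -eq $nla) { $nla = Get-RegValue $rdpTcp 'UserAuthentication' }

    $rdpEnabled  = ($deny -eq 0)   # 0 = Remote Desktop connections allowed
    $nlaRequired = ($nla -eq 1)    # 1 = NLA required before a session is set up

    $assessment = if (-not $rdpEnabled) {
        'RDP disabled: not reachable over Remote Desktop'
    } elseif ($nlaRequired) {
        'RDP enabled with NLA: partial protection only, still needs the update'
    } else {
        'RDP enabled without NLA: reachable before authentication, update and enable NLA'
    }

    # New-Object is used so this also runs on the PowerShell 2.0 that ships
    # with Windows 7 SP1 and Windows Server 2008 R2 SP1.
    New-Object PSObject -Property @{
        ComputerName = $env:COMPUTERNAME
        RdpEnabled   = $rdpEnabled
        NlaRequired  = $nlaRequired
        Port         = Get-RegValue $rdpTcp 'PortNumber'
        Assessment   = $assessment
    }
}

Get-RdpNlaStatus | Format-List
```

A result of `NlaRequired : True` only narrows exposure to attackers who hold valid credentials; it does not replace installing the updates.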