New Remote Desktop Services Remote Code Execution Vulnerabilities Identified

Two remote code execution vulnerabilities (CVE-2019-1181 and CVE-2019-1182) have been identified in Microsoft Windows. Please note that this is in addition to the already announced BlueKeep vulnerability (CVE-2019-0708). Both vulnerabilities can be exploited by a remote, unauthenticated attacker and could allow for the execution of arbitrary code on the target system.

Microsoft has issued patches for all affected operating systems.

Microsoft Windows Versions Affected

• Windows 7 SP1

• Windows 8.1

• Windows 10

• Windows Server 2008 R2 SP1

• Windows Server 2012 and Windows 2012 R2

• Windows Server 2016

• Windows Server 2019

How does this affect my organisation?

In most cases, Remote Desktop Services (RDS) will be used within organisations but is not exposed to the internet. This will limit the exposure of most organisations but will not mitigate all potential attack vectors (such as internal or lateral threats).

If you are a customer of AC3 Managed Services, AC3 will be in contact to organise an appropriate window to apply these patches.

For more information about this vulnerability please refer to the links at the end of this alert.

Threat rating and recommendation

Based on information available at the time of this notice, we have classified this threat as Action Required.

Customers are recommended to review their environment and apply the appropriate patches as soon as possible. If you have RDS exposed to the internet it is recommended to urgently apply the appropriate patches or disable access to RDS via the internet.

If possible, enabling Network Level Authentication will make exploitation of this vulnerability more difficult as an attacker must have a valid account.

Key

Advice – no urgent remediation action required Warning – watch and act

Action Required – urgent remediation action required

More Information

More information about this security vulnerability is available at the links below.

https://msrc-blog.microsoft.com/2019/08/13/patch-new-wormable-vulnerabilities-in-remote-desktop-services-cve-2019-1181-1182/

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1181

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1182