Social Icons

Thursday, August 15, 2019

Microsoft warns of two new flaws in Windows RDP
Microsoft warns against BlueKeep II & III. The publisher considers them "wormable" just like the original BlueKeep vulnerability.
Microsoft announced today that it has fixed two new major security vulnerabilities in the Windows Desktop Services package.

These two vulnerabilities are similar to the vulnerability known as BlueKeep (CVE-2019-0708). Microsoft corrected BlueKeep in May and warned that attackers could abuse it to create "wormable" attacks, ie able to spread from one computer to another without user interaction.

Microsoft announced today that it has corrected two other security vulnerabilities similar to BlueKeep, namely CVE-2019-1181 and CVE-2019-1182.

Just like BlueKeep, these two new bugs are "wormable" and also reside in the Windows Remote Desktop Services (RDS) package.

Unlike BlueKeep, these two vulnerabilities can not be exploited via the Remote Desktop Protocol (RDP), which is normally part of the RDS package

Versions concerned
"The affected versions of Windows are Windows 7 SP1, Windows Server 2008 R2 SP1, Windows Server 2012, Windows 8.1, Windows Server 2012 R2 and all versions of Windows 10 currently maintained, including server versions," said Simon Pope, Director of Incident Response at Microsoft Security Response Center (MSRC).

"Windows XP, Windows Server 2003, and Windows Server 2008 are not affected," he said.

Pope said Microsoft had discovered these vulnerabilities internally, while trying to strengthen and improve the security of the RDS package.

Remote Desktop Services (RDS) is the Windows component that allows a user to take control of a remote computer or virtual machine over a network connection. In some earlier versions of Windows, RDS was called Terminal Services.

A race to the patch
As with the BlueKeep vulnerability, Pope advises users and businesses to apply patches to their systems as quickly as possible to prevent exploitation.

Although BlueKeep was revealed three months ago, no attack was detected at the time of writing this article, although exploits of BlueKeep have already been created and shared.

However, prevention is better than cure: CVE-2019-1181 and CVE-2019-1182 should be at the top of the list of all system administrators this week and this Patch Tuesday.

"There are partial mitigation measures on affected systems for which Network Level Authentication (NLA) is enabled," said Pope. "Affected systems are protected from" wormables "or advanced malware that could exploit this vulnerability because the NLA requires authentication before the vulnerability can be triggered. "

"However, affected systems remain vulnerable to remote code execution (RCE) exploitation if the attacker has valid credentials that can be used to authenticate successfully," said Pope.

my-courses.net

No comments:

Post a Comment

Category Of Mobile Courses

Actualités (644) Adsense (1) Affiliation (1) Algebraic Topology (1) Algorithmic (1) all-news (30) Android (5) Android App (8) Android app without code (4) Android Apps (167) Android Development (4) Android download (2) Android OS (3) AngularJS (1) Automata theory and formal language (5) C programming (5) Category and Functor (8) CMS (3) Computer Glossary (18) Create Mobile App With Ionic Framework (2) CSS (2) CSS-Cascading-Style-Sheets (4) Developpement Java (13) Differential Geometry (1) Django-Python-Framework (8) dropshiping (26) Earn Money by Internet (4) Emplois (23) Framework php (2) Fraud (2) HTML (7) Java For Beginners (10) Javascript (12) Kotlin Programming Language (8) Kotlin For Mobile Android (1) Linux Download (2) Marketing (5) Mobile (3) Mobile Courses (4) Mobile Marketing (4) MoneyGram (1) News (721) Node.js (5) Open Source (1) Photoshop (1) Protect Computer (1) Python (32) Python BeautifulSoup (1) Python For Data Science (2) Python-Books (6) Python-DVD-Training (1) Python-Exercises (135) Python-Framework (1) Python-IDE (1) Python-Modules (1) Python-pdf (2) Python-pyQt (1) Référencement (2) Script PHP (2) Security (6) SEO (1) Snipping Tool: Faq (1) Social Networks (1) Source Code (1) Statistics With SPSS (2) Surveillance Software (1) Travail à domicile (6) Tutoriels php en vidéos (2) Tutoriels-MySql (6) tutoriels-php (19) Utilitaires (1) VPS (1) Web Hosting (1) Webcam (1) Webmarketing (11) Western Union (1) Windows 10 (1) Windows 7 (4) Windows 7 Faq (2) Windows 8 (1) Windows Accessories (1) Windows Download (8) Windows Drivers (1) Windows Fonts (1) Windows Power Shell (2) Windows Registry (2) Windows Security (18) Windows Software (2) Windows Spyware (2) Windows utilities (3) Windows Virus (2) Windows Vista (3) Windows Wireless (1) Windows xp (1) Wordpress (1)
 

Sample text

Sample Text

 
Blogger Templates