Microsoft Urges Patching Windows RDS Vulnerability Yet Again -- Redmondmag.com

Microsoft Urges Patching Windows RDS Vulnerability Yet Again

By Kurt Mackie
05/31/2019

Microsoft on Thursday again issued advice that its May security patches should be installed to prevent a "wormable" vulnerability (CVE-2019-0708) in Remote Desktop Services (RDS) from getting exploited by attackers.

The vulnerability, which could enable remote code execution by attackers, is only present in older systems, such as Windows 7, Windows Server 2008 and Windows Server 2008 R2. However, Microsoft took a rare action and also issued downloadable patches for unsupported Windows systems, namely Windows XP and Windows 2003.

In its Thursday announcement, Microsoft suggested that an RDS exploit likely exists, and it could spread rapidly across networks, much like the infamous WannaCry wiper malware.

Here's the current state of the threat, as described by Simon Pope, director of incident response at the Microsoft Security Response Center:

Microsoft is confident that an exploit exists for this vulnerability, and if recent reports are accurate, nearly one million computers connected directly to the internet are still vulnerable to CVE-2019-0708. Many more within corporate networks may also be vulnerable. It only takes one vulnerable computer connected to the internet to provide a potential gateway into these corporate networks, where advanced malware could spread, infecting computers across the enterprise.

Security researcher Kevin Beaumont has been tracking attempts to exploit the vulnerability, which he called "BlueKeep." In a Wednesday Twitter post, he suggested that no public exploit had been found in the wild at that time. However, he also noted that security researchers at McAfee had shown a proof-of-concept that ran the Calculator program (a common test for executing code).

McAfee researchers confirmed that Microsoft's RDS patches will ward off the exploits. They recommended disabling the Remote Desktop Protocol entirely if it's not needed, but it should at least be disabled "from outside of your network and limit it internally." McAfee also recommended blocking MS_T120 client requests "on any channel other than 31." It's possible to change the Remote Desktop Protocol default port, but unpatched systems would still be vulnerable, according to McAfee.

About the Author

Kurt Mackie is senior news producer for 1105 Media's Converge360 group.

Featured

Real-World Ransomware Recovery

Here's how I was (mostly) successful in recovering a family PC infected with malware.
Microsoft Launches Small AI Models Family Phi-3

Recognizing that bigger isn't always better, Microsoft has released its smallest open AI models to date, Phi-3.
Microsoft and OpenAI Continue Global AI Expansions

Microsoft and OpenAI each continued their global expansion this month, with the announcements of new infrastructure investments and service rollouts in new regions, like Asia and the Middle East.
Cisco Warns of Brute Force Attacks Targeting VPNs and Firewalls

Cisco has revealed that a global increase in brute force attacks targeting Virtual Private Networks (VPNs) and other devices is currently taking place.
What's Inside Microsoft 365's Security Toolbox?

Microsoft provides plenty of native tools to secure Microsoft 365. IT pros just have to know where to look.