Microsoft warns of wormable vulnerabilities in Windows

Graham CLULEY

August 14, 2019

On the second Tuesday of every month, regular as clockwork, Microsoft releases a bundle of security patches for its software and urges companies and home users to update their systems before vulnerabilities are exploited by malicious hackers.

Sure enough, on this month’s Patch Tuesday, earlier this week, the company rolled out updates for its customers. Amongst them are fixes for two critical vulnerabilities which could be exploited by a fast-moving worm.

As Microsoft’s security team explains in a blog post, the remote code execution vulnerabilities could be abused by malware to spread from computer to computer without requiring any user interaction.

The flaws, CVE-2019-1181 and CVE-2019-1182, lurk within Microsoft’s Remote Desktop Services on Windows 7 SP1, Windows Server 2008 R2 SP1, Windows Server 2012, Windows 8.1, Windows Server 2012 R2, and all supported versions of Windows 10, including server versions.

Microsoft says that older versions of its software – Windows XP, Windows Server 2003, and Windows Server 2008 – are not affected. Furthermore, in Windows 10 Remote Desktop is disabled by default, meaning that companies are more likely to be at risk if they have deliberately chosen to enable the feature.

The good news is that Microsoft found the flaws itself as part of an ongoing process of strengthening the security of its code, and there have been no reports of the vulnerabilities being exploited by hackers in the wild.

That’s obviously comforting, but no reason for complacency. If a hacker were able to successfully exploit the flaws, they could potentially create a worm capable of spreading with the ferocity of past high-profile attacks such as WannaCry.

Microsoft’s advice? Patch your computers at your earliest opportunity. It would also make sense to disable Remote Desktop Services if it is not required.

Just a few months ago Microsoft released security patches designed to fix the “BlueKeep” vulnerability, another flaw that it was feared could be exploited by a malicious worm to spread around the world.
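
For anyone acting on the advice to disable Remote Desktop Services where it is not required, here is an added PowerShell example (not from Microsoft or the original article) that reports whether Remote Desktop is enabled on the local machine. It assumes the standard Windows registry locations and the `TermService` service name, and the function name `Get-RdpStatus` is made up for this illustration.

```powershell
# Added example: report whether Remote Desktop is enabled on this machine.
# Get-RdpStatus is a hypothetical helper name; the registry paths and the
# TermService service name are the standard Windows locations.
function Get-RdpStatus {
    $tsKey     = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    $policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
    $rdpTcpKey = "$tsKey\WinStations\RDP-Tcp"

    # fDenyTSConnections: 1 = connections refused, 0 = Remote Desktop enabled.
    # A Group Policy value, when present, takes precedence over the local one.
    $local  = (Get-ItemProperty $tsKey -Name fDenyTSConnections -ErrorAction SilentlyContinue).fDenyTSConnections
    $policy = (Get-ItemProperty $policyKey -Name fDenyTSConnections -ErrorAction SilentlyContinue).fDenyTSConnections
    $deny   = if ($null -ne $policy) { $policy } else { $local }

    # The listening port is configurable; 3389 is the default.
    $port = (Get-ItemProperty $rdpTcpKey -Name PortNumber -ErrorAction SilentlyContinue).PortNumber
    if (-not $port) { $port = 3389 }

    $svc = Get-Service -Name TermService -ErrorAction SilentlyContinue

    # Get-NetTCPConnection does not exist on Windows 7 / Server 2008 R2,
    # so the listener check is skipped there and reported as $null.
    $listening = $null
    if (Get-Command Get-NetTCPConnection -ErrorAction SilentlyContinue) {
        $listening = [bool](Get-NetTCPConnection -State Listen -LocalPort $port -ErrorAction SilentlyContinue)
    }

    [pscustomobject]@{
        ComputerName  = $env:COMPUTERNAME
        RdpEnabled    = ($deny -eq 0)          # $false also if the value is missing
        SetByPolicy   = ($null -ne $policy)
        ServiceStatus = if ($svc) { "$($svc.Status)" } else { 'NotFound' }
        Port          = $port
        Listening     = $listening
    }
}

Get-RdpStatus | Format-List
```

A machine that reports `RdpEnabled : True` without a business need for remote access is a candidate for having the feature switched off; one that does need it should be prioritised for patching.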
