Thursday, 28 May, 2020

Microsoft releases emergency patches for serious RDS flaw

Cecil Davis | 15 May, 2019, 20:28

This vulnerability is pre-authentication and requires no user interaction. "In other words, the vulnerability is 'wormable,' meaning that any future malware that exploits this vulnerability could propagate from vulnerable computer to vulnerable computer in a similar way as the WannaCry malware spread across the globe in 2017."

But the Windows maker has urged that "affected systems are patched as quickly as possible to prevent such a scenario from happening".

For those who cannot apply the security updates, Microsoft advises disabling RDP services if they are not required, blocking TCP port 3389 at the enterprise perimeter firewall, and/or enabling Network Level Authentication (NLA) on systems running supported editions of Windows 7, Windows Server 2008, and Windows Server 2008 R2.
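The host-side mitigations above (RDP disabled, NLA required) can be checked with a read-only script. This is an added example, not from Microsoft or the original article: the registry values are the standard Terminal Server settings, the script assumes English-language `netstat` output, and it checks neither patch status, Group Policy overrides, nor the perimeter firewall.

```powershell
# Added example: read-only audit of the RDP mitigations on the local host.
# Written for PowerShell 2.0+ so it also runs on Windows 7 / Server 2008 R2.
$tsKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdpKey = "$tsKey\WinStations\RDP-Tcp"

function Get-RegValue($Path, $Name) {
    # Returns $null when the key or value is missing instead of throwing.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($item) { $item.$Name }
}

$deny = Get-RegValue $tsKey  'fDenyTSConnections'   # 1 = RDP connections refused
$nla  = Get-RegValue $rdpKey 'UserAuthentication'   # 1 = NLA required
$port = Get-RegValue $rdpKey 'PortNumber'           # listener port, default 3389
if (-not $port) { $port = 3389 }

$svc = Get-Service -Name TermService -ErrorAction SilentlyContinue
$svcRunning = ($svc -and $svc.Status -eq 'Running')

# Assumption: English-language netstat output ("LISTENING").
$pattern   = ':{0}\s+\S+\s+LISTENING' -f $port
$listening = [bool](netstat -an | Select-String -Pattern $pattern)

$rdpEnabled  = ($deny -eq 0)
$nlaRequired = ($nla -eq 1)

if (-not $rdpEnabled -and -not $listening) {
    $verdict = 'RDP disabled and not listening'
} elseif ($nlaRequired) {
    $verdict = 'RDP enabled with NLA: authentication required first; still patch'
} else {
    $verdict = 'RDP enabled without NLA: enable NLA or disable RDP, and patch'
}

# Emit one object per host so results can be collected and filtered.
New-Object PSObject -Property @{
    ComputerName = $env:COMPUTERNAME
    RdpEnabled   = $rdpEnabled
    ServiceUp    = $svcRunning
    Port         = $port
    Listening    = $listening
    NlaRequired  = $nlaRequired
    Verdict      = $verdict
}
```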

"Customers who use an in-support version of Windows and have automatic updates enabled are automatically protected", says Microsoft.

The latter, CVE-2019-0725, is a particularly nasty memory corruption vulnerability, since all that is needed to exploit it is a well-crafted packet sent to a DHCP server, and it affects all currently supported versions of Windows, client and server.

The vulnerability deals with the Remote Desktop Services function in Windows, which can allow a user to take control of the machine over a network. We're not sure if Windows Update will still run on Windows XP, but if not, Microsoft has patches for XP SP3, and for 64-bit XP SP2, that you can download manually. This measure would stop worms as long as attackers don't have valid credentials for authentication on vulnerable systems.

For those interested, Microsoft shared some additional details about this security vulnerability.

"An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights", Microsoft said in the vulnerability advisory. "It is for these reasons that we strongly advise that all affected systems - irrespective of whether NLA is enabled or not - should be updated as soon as possible". "This vulnerability will make that process even easier".

The Patch Tuesday releases also fix several critical remote code execution vulnerabilities targeting the Edge and Internet Explorer 11 browsers.

Microsoft had already released a patch for the flaw, but many older and vulnerable OSes were never updated. It's an elevation-of-privilege vulnerability in the way Windows Error Reporting handles files, which allows an attacker to gain kernel mode access to a victim system.