Credit: ShutterstockIn the latest “Patch Tuesday” security fixes bundle, Microsoft included patches for two new critical Remote Code Execution (RCE) vulnerabilities (CVE-2019-1181 and CVE-2019-1182) in the Windows Remote Desktop Services. Following the May disclosure of BlueKeep, after the company’s security team attempted to harden the Remote Desktop Services feature in Windows, Microsoft’s engineers found two other wormable bugs that attackers could exploit. The two vulnerabilities are part of 93 security vulnerabilities Microsoft and affect Windows 7 SP1, Windows Server 2008 R2 SP1, Windows Server 2012, Windows 8.1, Windows Server 2012 R2, as well as all versions of Windows 10, including the server ones. According to Microsoft, Windows XP, Windows Server 2003 and Windows Server 2008 and Remote Desktop Protocol itself are not affected by the vulnerabilities. In a blog post this week, Microsoft said that it doesn’t believe that the vulnerabilities were being exploited in the wild by attackers. However, the company still urges everyone to update their systems immediately, as the bugs are every bit as dangerous as BlueKeep. Microsoft Patches 93 Vulnerabilities In Latest Windows Update System administrators will have their hands full in the second part of this month, as Microsoft has released a batch of 93 security fixes, covering software, including Windows operating systems, Internet Explorer, Edge, ChakraCore, Microsoft Office, Microsoft Office Services and Web Apps, Azure DevOps Server, Visual Studio, Online Services and Microsoft Dynamics. Of the 93 bugs, about a third (29) are critical, while the other 64 are rated Important in severity. Microsoft has recently complained that more than two-thirds… [Read full story]
Leave a Reply