Microsoft Warns Of New BlueKeep‑like Flaws

Microsoft issued fixes for four critical vulnerabilities in Remote Desktop Services (RDS) this week, likening two of them to ‘BlueKeep’, another critical flaw in the same Windows component. All four Remote Code Execution (RCE) flaws – tracked as CVE‑2019‑1181CVE‑2019‑1182CVE‑2019‑1222 and CVE‑2019‑1226 – can be exploited by attackers sending a specially-crafted remote desktop protocol (RDP) message to RDS, WeLiveSecurity reported.


EXPERTS COMMENTS
David Kennefick, Product Architect,  edgescan
August 19, 2019
Organisations need to have a strong patching policy in place.
As internal networks start to become more exposed to the world and the internal/external divide gap is bridged using technology, we are going to see a large uptick in vulnerabilities such as CVE-2019-1181, CVE-2019-1182. Some numbers from a sample of 250,000 public Internet-facing assets under continuous profiling by edgescan, would suggest that about 0.36% of the internet may be exposed to th ....
[Read More >>]

If you are an expert on this topic:

Submit Your Expert Comments


In this article