Microsoft Warns Of New BlueKeep‑like Flaws

Microsoft issued fixes for four critical vulnerabilities in Remote Desktop Services (RDS) this week, likening two of them to 'BlueKeep', another critical flaw in the same Windows component. All four Remote Code Execution (RCE) flaws, tracked as CVE-2019-1181, CVE-2019-1182, CVE-2019-1222 and CVE-2019-1226, can be exploited by attackers sending a specially crafted Remote Desktop Protocol (RDP) message to RDS, WeLiveSecurity reported.


EXPERTS COMMENTS
David Kennefick, Product Architect, edgescan
August 19, 2019
Organisations need to have a strong patching policy in place.
As internal networks start to become more exposed to the world and the internal/external divide gap is bridged using technology, we are going to see a large uptick in vulnerabilities such as CVE-2019-1181 and CVE-2019-1182. Some numbers from a sample of 250,000 public Internet-facing assets under continuous profiling by edgescan would suggest that about 0.36% of the internet may be exposed to these vulnerabilities. This is a small number compared to the nearly 3.06% which were exposed to BlueKeep. There is more information available in the edgescan stats report (https://www.edgescan.com/wp-content/uploads/2019/02/edgescan-Vulnerability-Stats-Report-2019.pdf).

This shows two things: the reaction to BlueKeep has decreased the likelihood of this vulnerability, as machines have been patched or had their internet/RDP access reduced/removed; and, as the same attack path is needed (RDP access) as for BlueKeep, this leads to a smaller number of potentially exploitable machines.

Organisations need to have a strong patching policy in place. We would hope that vulnerabilities such as EternalBlue, NotPetya/WannaCry & BlueKeep have prepared organisations and allowed them to build out their patching programs, which will allow them to react swiftly to the wonderfully named DejaBlue.
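The two remediations the comment above points to, patching and cutting RDP exposure, can be verified per host. The following PowerShell script is an added example, not code from the article or from edgescan: it reports whether RDP is enabled and listening, which inbound firewall rules allow the RDP port and from which remote addresses, and whether any update has been installed since the fixes shipped. The release date (taken here as 2019-08-13, the August 2019 update Tuesday) and the "any update since then" heuristic are assumptions stated in the comments; they do not replace checking the exact update that Microsoft lists for the host's build.

```powershell
# Added example (not from the article or edgescan): local RDP exposure and patch-state check.
# Assumptions: the August 2019 security update release date is taken as 2019-08-13, and any
# update installed on or after that date is treated as a hint that the host has been serviced
# since CVE-2019-1181/1182/1222/1226 were fixed. Confirm the specific update for your build.
$PatchReleaseDate = Get-Date '2019-08-13'   # assumption, see note above

# 1. Is Remote Desktop enabled at all? fDenyTSConnections = 0 means RDP accepts connections.
$ts = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server' -Name fDenyTSConnections
$rdpEnabled = ($ts.fDenyTSConnections -eq 0)

# 2. Which port is RDP configured on (default 3389), and is something listening there?
$rdpPort = (Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp' -Name PortNumber).PortNumber
$listening = [bool](Get-NetTCPConnection -LocalPort $rdpPort -State Listen -ErrorAction SilentlyContinue)

# 3. Which enabled inbound allow rules cover that port, and from which remote addresses?
#    A RemoteAddress of 'Any' means the host accepts RDP from every network it is reachable on.
$openRules = Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow |
    Where-Object {
        $pf = $_ | Get-NetFirewallPortFilter
        $pf.Protocol -eq 'TCP' -and (($pf.LocalPort -contains "$rdpPort") -or ($pf.LocalPort -eq 'Any'))
    } |
    ForEach-Object {
        $af = $_ | Get-NetFirewallAddressFilter
        [pscustomobject]@{
            Rule          = $_.DisplayName
            Profile       = $_.Profile
            RemoteAddress = ($af.RemoteAddress -join ',')
        }
    }

# 4. Has any update been installed since the fixes shipped? (heuristic, see assumption above)
$recentFixes = Get-HotFix | Where-Object { $_.InstalledOn -ge $PatchReleaseDate } | Sort-Object InstalledOn

[pscustomobject]@{
    ComputerName     = $env:COMPUTERNAME
    RdpEnabled       = $rdpEnabled
    RdpPort          = $rdpPort
    Listening        = $listening
    OpenFromAnywhere = [bool]($openRules | Where-Object { $_.RemoteAddress -eq 'Any' })
    UpdatesSinceFix  = (($recentFixes | ForEach-Object { $_.HotFixID }) -join ',')
} | Format-List

$openRules | Format-Table -AutoSize
```

A host that reports RdpEnabled and Listening as True with OpenFromAnywhere True and an empty UpdatesSinceFix is exactly the population the edgescan figures count as exposed; scoping the RemoteAddress of the RDP rule to a management network, or disabling RDP where it is not needed, removes the attack path even before the update lands. The Get-Net* cmdlets used here need the NetSecurity and NetTCPIP modules shipped with Windows 8 / Server 2012 and later; on older hosts substitute netsh advfirewall and netstat for steps 2 and 3.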
