On August 13, 2019 (the second Tuesday of the month, Patchday), Microsoft released a series of security updates. These include extremely critical updates that close vulnerabilities exploitable by computer worms (CVE-2019-1181/CVE-2019-1182).
A rough overview of the security updates can be found in the previously posted blog post Microsoft Security Update Summary (August 13, 2019). More details can be found in the blog posts linked at the end of the article. In the Microsoft Security Response Center, Microsoft has given an overview of what is particularly critical about this Patchday.
CVE-2019-1181/1182 in Remote Desktop Services
Windows Remote Desktop Services seems to be a problematic component. In May 2019, Microsoft had already released critical security updates for the so-called BlueKeep vulnerability CVE-2019-0708. An explanation of the vulnerabilities can be found in the blog post Critical update for Windows XP up to Windows 7 (May 2019). There are also several blog posts about the BlueKeep vulnerability CVE-2019-0708 (see links at the end of this article).
New vulnerabilities found
During the ‘hardening’ of Remote Desktop Services (formerly known as Terminal Services) with respect to the BlueKeep vulnerability, Microsoft discovered two additional vulnerabilities in these services.
An unauthenticated attacker can connect to the target system via RDP and send specially crafted requests. The vulnerability does not require authentication by the attacker, and exploitation does not require user interaction. An attacker who has successfully exploited this vulnerability could execute arbitrary code on the target system. An attacker could then install programs, view, modify, or delete data, or create new accounts with full user privileges.
Like the BlueKeep (CVE-2019-0708) vulnerability previously addressed, these two vulnerabilities are wormable, meaning that any future malware that exploits them could spread from one vulnerable computer to another without user interaction.
Security updates (August 13, 2019)
On August 13, 2019, Microsoft released a series of further security updates for Remote Desktop Services. These address two critical Remote Code Execution (RCE) vulnerabilities, designated CVE-2019-1181 and CVE-2019-1182.
The updates fix the vulnerabilities by correcting the way Remote Desktop Services handles connection requests. Microsoft currently has no evidence that these vulnerabilities were known to third parties.
Updates should be installed immediately
Microsoft considers it important that affected systems are patched as quickly as possible. The reason: The vulnerabilities exploitable by computer worms are associated with high risks.
I consider it a problem that the updates for Windows 7 SP1, Windows 8.1 as well as Windows 10 and their server counterparts have some serious known issues. There are also problems installing SHA2-only signed Windows 7 updates if Norton antivirus products are installed (Norton blocks these updates). More information can be found in the blog posts linked at the end of this article.
However, you should know that Remote Desktop is not automatically activated on clients like Windows 10. The risk lies more in corporate environments where Remote Desktop Services are used via servers.
Which Windows systems are affected?
The Windows versions affected by the RCE vulnerability are Windows 7 SP1, Windows Server 2008 R2 SP1, Windows Server 2012, Windows 8.1, Windows Server 2012 R2, and all supported versions of Windows 10, including server versions.
Windows XP, Windows Server 2003, and Windows Server 2008 are not affected, nor is the Remote Desktop Protocol (RDP) itself.
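A local triage check that combines the two points above (whether the OS is in the affected list, and whether Remote Desktop is actually enabled) with a lookup for the fixing update. This is an added example, not code from Microsoft or from the original article. It assumes Windows PowerShell 3.0 or later; the function name `Get-RdsExposure` is hypothetical, and the KB id is a placeholder because this page does not list the update numbers.

```powershell
# Added example: local triage for CVE-2019-1181/1182 exposure.
# The KB id is NOT on this page; pass the one Microsoft lists for your OS build.
function Get-RdsExposure {
    param(
        [Parameter(Mandatory)] [string] $FixKb   # placeholder such as 'KB0000000'
    )

    $os  = Get-CimInstance -ClassName Win32_OperatingSystem
    $ver = [version]$os.Version

    # Affected list per the article (state of August 2019):
    #   7 SP1 / Server 2008 R2 SP1 = 6.1.7601, Server 2012 = 6.2,
    #   8.1 / Server 2012 R2 = 6.3, Windows 10 and its server versions = 10.0.
    # XP, Server 2003 and Server 2008 (6.0 and lower) are listed as not affected.
    # Releases newer than the article also report 10.0 and will match here.
    $affected = ($ver.Major -eq 10) -or
                ($ver.Major -eq 6 -and (2, 3) -contains $ver.Minor) -or
                ($ver.Major -eq 6 -and $ver.Minor -eq 1 -and $ver.Build -ge 7601)

    # fDenyTSConnections = 0 means incoming Remote Desktop connections are allowed.
    $ts = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server' `
                           -Name fDenyTSConnections -ErrorAction SilentlyContinue
    $rdpEnabled = ($null -ne $ts) -and ($ts.fDenyTSConnections -eq 0)

    $svc = Get-Service -Name TermService -ErrorAction SilentlyContinue

    # Get-HotFix matches by id only; a later cumulative update that
    # supersedes $FixKb will not be reported as installed by this check.
    $patched = [bool](Get-HotFix -Id $FixKb -ErrorAction SilentlyContinue)

    [pscustomobject]@{
        ComputerName   = $env:COMPUTERNAME
        OS             = $os.Caption
        Version        = $os.Version
        AffectedFamily = $affected
        RdpEnabled     = $rdpEnabled
        TermService    = if ($svc) { $svc.Status } else { 'NotFound' }
        FixInstalled   = $patched
        ExposedNow     = $affected -and $rdpEnabled -and -not $patched
    }
}

Get-RdsExposure -FixKb 'KB0000000'   # placeholder id, replace before use
```

A host with `AffectedFamily` true and `FixInstalled` false still needs the update even when `RdpEnabled` is false; `ExposedNow` only marks the machines to patch first.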
Microsoft Office Patchday (August 6, 2019)
Microsoft Security Update Summary (August 13, 2019)
Patchday: Updates for Windows 7/8.1/Server (August 13, 2019)
Patchday Windows 10-Updates (August 13, 2019)
BlueKeep: Windows Remote Desktop Services vulnerability exploits status
Critical update for Windows XP up to Windows 7 (May 2019)
Nearly 1 million Windows machines with BlueKeep vulnerability
BlueKeep vulnerability: Microsoft warns about a wormable malware epidemic
BlueKeep: Patch for pirated copies; SSL tunnel as a risk factor
How To: BlueKeep-Check for Windows