Microsoft warns of wormable vulnerabilities in Windows

On the second Tuesday of every month, regular as clockwork, Microsoft releases a bundle of security patches for its software and urges companies and home users to update their systems before vulnerabilities are exploited by malicious hackers.

Sure enough on this month’s Patch Tuesday, earlier this week, the company rolled out updates for its customers, but amongst them are fixes for two critical vulnerabilities which could be exploited by a fast-moving worm.

As Microsoft’s security team explains in a blog post, the remote code execution vulnerabilities could be abused by malware to spread from computer to computer without requiring any user interaction.

The flaws, CVE-2019-1181 and CVE-2019-1182, lurk within Microsoft’s Remote Desktop Service on Windows 7 SP1, Windows Server 2008 R2 SP1, Windows Server 2012, Windows 8.1, Windows Server 2012 R2, and all supported versions of Windows 10, including server versions.

Microsoft says that older versions of its software – Windows XP, Windows Server 2003, and Windows Server 2008 – are not affected. Furthermore, Remote Desktop is disabled by default in Windows 10, meaning that companies are more likely to be at risk if they have deliberately chosen to enable the feature.

The good news is that Microsoft found the flaws itself as part of an ongoing process of strengthening the security of its code, and there have been no reports of the vulnerabilities being exploited by hackers in the wild.

That’s obviously comforting, but no reason for complacency. If a hacker were able to successfully exploit the flaws, they could potentially create a worm capable of spreading with the ferocity of past high-profile attacks such as WannaCry.

Microsoft’s advice? Patch your computers at your earliest opportunity. It would also make sense to disable Remote Desktop Services if it is not required.
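One way to act on that advice across a fleet is to audit each host for the state of Remote Desktop and, where it is not needed, switch it off. The script below is an added example written for this article, not code from Microsoft or from the author. It assumes the standard Terminal Server registry location and the TermService service name used on the affected Windows versions, and PowerShell 3.0 or later; the KB numbers for the August 2019 updates are not given in the article, so they are passed in as an optional parameter rather than hard-coded.

```powershell
# Added example (not from the article): audit whether Remote Desktop Services is
# reachable on this Windows host and, with -Disable, turn it off as the article
# advises when the feature is not required. Run from an elevated PowerShell session.
# Assumption: the registry key and service name below are the standard ones on
# Windows 7 / Server 2008 R2 through Windows 10 / Server 2019.
[CmdletBinding()]
param(
    # Audit only by default; pass -Disable to actually refuse RDP connections.
    [switch]$Disable,
    # Optional KB identifier(s) taken from Microsoft's advisory, e.g. 'KB<placeholder>'.
    # The article does not list them, so none are assumed here.
    [string[]]$ExpectedKB = @()
)

$tsKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'

# fDenyTSConnections = 1 means incoming Remote Desktop connections are refused.
$deny = (Get-ItemProperty -Path $tsKey -Name fDenyTSConnections -ErrorAction SilentlyContinue).fDenyTSConnections
$rdpEnabled = ($deny -eq 0)

$svc = Get-Service -Name TermService -ErrorAction SilentlyContinue
# Get-NetTCPConnection is absent on Windows 7; the error is suppressed and the field stays $false.
$listening = Get-NetTCPConnection -State Listen -LocalPort 3389 -ErrorAction SilentlyContinue

[pscustomobject]@{
    ComputerName    = $env:COMPUTERNAME
    OSVersion       = [Environment]::OSVersion.Version.ToString()
    RdpEnabled      = $rdpEnabled
    TermService     = if ($svc) { "$($svc.Status) / $($svc.StartType)" } else { 'not present' }
    ListeningOn3389 = [bool]$listening
} | Format-List

# Report whether the expected patch(es) are installed, if KB identifiers were supplied.
foreach ($kb in $ExpectedKB) {
    $hf = Get-HotFix -Id $kb -ErrorAction SilentlyContinue
    if ($hf) { Write-Output "Patch $kb installed on $($hf.InstalledOn)" }
    else     { Write-Warning "Patch $kb not found; install the current Patch Tuesday updates" }
}

if ($Disable -and $rdpEnabled) {
    # Refuse incoming connections, stop the service, and close the firewall rule group
    # so the host no longer exposes Remote Desktop at all.
    Set-ItemProperty -Path $tsKey -Name fDenyTSConnections -Value 1
    Stop-Service -Name TermService -Force -ErrorAction SilentlyContinue
    Set-Service -Name TermService -StartupType Disabled
    Disable-NetFirewallRule -DisplayGroup 'Remote Desktop' -ErrorAction SilentlyContinue
    Write-Output 'Remote Desktop disabled.'
}
```

Run it without arguments first to see which machines actually have Remote Desktop enabled and listening; the `-Disable` switch is kept separate so the audit can be rolled out fleet-wide before any host is changed, and hosts that genuinely need the feature are left alone and patched instead.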

Just a few months ago Microsoft released security patches designed to fix the “BlueKeep” vulnerability, another flaw that it was feared could be exploited by a malicious worm to spread around the world.

About the author

Graham Cluley

Graham Cluley is an award-winning security blogger, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by companies such as Sophos, McAfee and Dr Solomon's. He has given talks about computer security for some of the world's largest companies, worked with law enforcement agencies on investigations into hacking groups, and regularly appears on TV and radio explaining computer security threats.

Graham Cluley was inducted into the InfoSecurity Europe Hall of Fame in 2011, and was given an honorary mention in the "10 Greatest Britons in IT History" for his contribution as a leading authority in internet security.
