Microsoft Issues Patches for BlueKeep-Like Vulnerabilities
Newly Discovered Bugs Can Carry Out Remote Code Execution Without User Interaction
Microsoft has released a set of patches for two newly discovered BlueKeep-like vulnerabilities in a number of Windows operating systems. The "wormable" bugs in remote desktop services permit propagation of malware from one compromised device to others, the company reports.
Remote desktop services is a proprietary tool of Microsoft Windows that allows its users to remotely access another computer over a network. By exploiting the vulnerabilities present in this feature, malicious actors could gain control over the system and spread malware autonomously by remote code execution.
The bugs have been indexed as CVE-2019-1181 and CVE-2019-1182. They were discovered by the company during its regular security check of its remote desktop services. Patches were released as part of Microsoft’s August Patch Tuesday.
"These two vulnerabilities are also 'wormable,' meaning that any future malware that exploits these could propagate from vulnerable computer to vulnerable computer without user interaction," Microsoft says in a blog.
Windows 7 SP1, Windows Server 2008 R2 SP1, Windows Server 2012, Windows 8.1, Windows Server 2012 R2, and Windows 10, including server versions, are affected by these most recently revealed vulnerabilities.
Similarities to BlueKeep
Researchers at Microsoft note that the newly discovered bugs are similar in nature to BlueKeep, which affected the RDS feature in over 800,000 Windows devices across the world. BlueKeep, referred to as CVE-2019-0708, was first discovered in May.
Although Microsoft has yet to ascertain the number of devices affected by the newly discovered vulnerabilities, CVE-2019-1181 and CVE-2019-1182, it recommends patching these bugs immediately to head off a potentially wider attack. Further, it clarified that no third-party exploitation of the vulnerabilities has been reported.
"It’s important that affected systems are patched as quickly as possible because of the elevated risks associated with wormable vulnerabilities like these, and downloads for these can be found in the Microsoft Security Update Guide," Microsoft says in the blog.
Recent reports highlight that many enterprises have yet to patch the BlueKeep vulnerability, which apparently has not yet been exploited in the wild (see: BlueKeep Patching Still Spotty Months After Alerts: Report).
Zerodium, McAfee, Kaspersky, Check Point, MalwareTech and Valthek are among the companies that have developed a proof-of-concept for exploiting the BlueKeep vulnerability, demonstrating, without revealing the details, how bad actors could potentially exploit the flaw to launch a larger attack.
In addition, Sophos has not only developed its own proof-of-concept attack, but it has also shown a full system takeover to demonstrate what a threat actor could do (see: Sophos Proof-of-Concept Exploit Shows Dangers of BlueKeep).