Microsoft issued fixes for four critical vulnerabilities in Remote Desktop Services (RDS) this week, likening two of them to ‘BlueKeep’, another critical flaw in the same Windows component. All four Remote Code Execution (RCE) flaws – tracked as CVE-2019-1181, CVE-2019-1182, CVE-2019-1222 and CVE-2019-1226 – can be exploited by attackers sending a specially crafted Remote Desktop Protocol (RDP) message to RDS, WeLiveSecurity reported.

Experts Comments

August 19, 2019
David Kennefick
Product Architect
edgescan
As internal networks start to become more exposed to the world and the internal/external divide gap is bridged using technology, we are going to see a large uptick in vulnerabilities such as CVE-2019-1181, CVE-2019-1182. Some numbers from a sample of 250,000 public Internet-facing assets under continuous profiling by edgescan would suggest that about 0.36% of the internet may be exposed to these vulnerabilities. This is a small number compared to nearly 3.06% which were exposed to BlueKeep. There is more information available in the edgescan stats report (https://www.edgescan.com/wp-content/uploads/2019/02/edgescan-Vulnerability-Stats-Report-2019.pdf).

This shows two things: The reaction to BlueKeep has decreased the likelihood of this vulnerability, machines have been patched or had their internet/RDP access reduced/removed. As the same attack path is needed (RDP access) as BlueKeep, this leads to a smaller number of potentially exploitable machines. Organisations need to have a strong patching policy in place. We would hope that the vulnerabilities such as EternalBlue, NotPetya/WannaCry & BlueKeep have prepared organisations and allowed them to build out their patching programs which will allow them to react swiftly to the wonderfully named DejaBlue.
