Microsoft Warns Of New BlueKeep‑like Flaws

By   ISBuzz Team
Writer , Information Security Buzz | Aug 19, 2019 05:10 am PST

Microsoft issued fixes for four critical vulnerabilities in Remote Desktop Services (RDS) this week, likening two of them to ‘BlueKeep’, another critical flaw in the same Windows component. All four Remote Code Execution (RCE) flaws – tracked as CVE‑2019‑1181CVE‑2019‑1182CVE‑2019‑1222 and CVE‑2019‑1226 – can be exploited by attackers sending a specially-crafted remote desktop protocol (RDP) message to RDS, WeLiveSecurity reported.

Notify of
1 Expert Comment
Oldest Most Voted
Inline Feedbacks
View all comments
David Kennefick
David Kennefick , Product Architect
InfoSec Expert
August 19, 2019 1:16 pm

As internal networks start to become more exposed to the world and the internal/external divide gap is bridged using technology, we are going to see a large uptick in vulnerabilities such as CVE-2019-1181, CVE-2019-1182.

Some numbers from a sample of 250,000 public Internet-facing assets under continuous profiling by edgescan, would suggest that about 0.36% of the internet may be exposed to these vulnerabilities. This is a small number compared to nearly 3.06% which were exposed to BlueKeep. There is more information available in the edgescan stats report (

This shows two things:

The reaction to BlueKeep has decreased the likelihood of this vulnerability, machines have been patched or had their internet/RDP access reduced/removed.
As the same attack path is needed (RDP access) as BlueKeep, this leads to a smaller number of potentially exploitable machines.
Organisations need to have a strong patching policy in place. We would hope that the vulnerabilities such as EternalBlue, NotPetya/WannaCry & BlueKeep have prepared organisations and allowed them to build out their patching programs which will allow them to react swiftly to the wonderfully named DejaBlue.

Last edited 4 years ago by David Kennefick

Recent Posts

Would love your thoughts, please comment.x