Microsoft issued fixes for four critical vulnerabilities in Remote Desktop Services (RDS) this week, likening two of them to ‘BlueKeep’, another critical flaw in the same Windows component. All four Remote Code Execution (RCE) flaws – tracked as CVE-2019-1181, CVE-2019-
As internal networks become more exposed to the world and the internal/external divide is bridged by technology, we are going to see a large uptick in vulnerabilities such as CVE-2019-1181 and CVE-2019-1182.
Numbers from a sample of 250,000 public Internet-facing assets under continuous profiling by edgescan suggest that about 0.36% of the internet may be exposed to these vulnerabilities. This is a small number compared to the nearly 3.06% that were exposed to BlueKeep. More information is available in the edgescan stats report (https://www.edgescan.com/wp-content/uploads/2019/02/edgescan-Vulnerability-Stats-Report-2019.pdf).
This shows two things:
The reaction to BlueKeep has reduced exposure to this vulnerability: machines have been patched, or have had their internet/RDP access reduced or removed.
Because the same attack path (RDP access) is needed as for BlueKeep, this leaves a smaller number of potentially exploitable machines.
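The two mitigations just described, patching and reducing or removing RDP access, are things a defender can verify per host. The script below is an added example, not code from the original post or from edgescan: it audits one Windows host's RDP posture (RDP enabled, NLA required, listener present, inbound firewall profiles) and whether a given update is installed, and reports a single finding. It assumes the standard Terminal Server registry keys, the English "Remote Desktop" firewall display group, and that the KB number for the RDS fix is supplied from the Microsoft advisory for that host's OS build (the default value is a placeholder, not a real identifier). Run it locally as an administrator, or wrap it in Invoke-Command for remote hosts.

```powershell
# Added example (not from the original post): audit one Windows host's RDP
# exposure and patch state, i.e. the two mitigations the post refers to.
# Assumption: the KB number passed in comes from the Microsoft advisory for
# this host's OS build; the default below is a placeholder, not a real ID.

function Get-RdpExposure {
    [CmdletBinding()]
    param(
        # KB article ID of the RDS fix for this OS build (placeholder; supply the real one).
        [string]$PatchKb = 'KB<placeholder>'
    )

    $ts  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    $tcp = "$ts\WinStations\RDP-Tcp"

    # fDenyTSConnections = 1 means Remote Desktop is switched off on the host.
    $deny = (Get-ItemProperty -Path $ts -Name fDenyTSConnections -ErrorAction SilentlyContinue).fDenyTSConnections
    # UserAuthentication = 1 means Network Level Authentication is required, so a
    # client must authenticate before the full RDP session is established.
    $nla  = (Get-ItemProperty -Path $tcp -Name UserAuthentication -ErrorAction SilentlyContinue).UserAuthentication
    # Listening port; the default is 3389, but a non-default port is still exposed if reachable.
    $port = (Get-ItemProperty -Path $tcp -Name PortNumber -ErrorAction SilentlyContinue).PortNumber
    if (-not $port) { $port = 3389 }

    # Is anything actually listening on that port right now?
    $listening = [bool](Get-NetTCPConnection -State Listen -LocalPort $port -ErrorAction SilentlyContinue)

    # Enabled inbound rules in the built-in "Remote Desktop" firewall group and the
    # profiles they apply to. 'Public' or 'Any' means the listener is reachable from
    # untrusted networks unless an upstream firewall blocks it.
    $fwRules = Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -ErrorAction SilentlyContinue |
               Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' }
    $profiles = @($fwRules | ForEach-Object { "$($_.Profile)" } | Select-Object -Unique)

    # Has the RDS fix been installed? (Get-HotFix reads Win32_QuickFixEngineering.)
    $patched = [bool](Get-HotFix -Id $PatchKb -ErrorAction SilentlyContinue)

    $rdpEnabled = ($deny -ne 1)
    $exposedToUntrusted = $rdpEnabled -and $listening -and
        [bool]($profiles | Where-Object { $_ -match 'Public|Any' })

    # One finding per host, ordered the way a patch/exposure report would want it.
    $finding = if (-not $rdpEnabled -or -not $listening) {
        'RDP not reachable on this host'
    } elseif ($patched) {
        'RDP reachable, fix installed'
    } elseif ($exposedToUntrusted) {
        'RDP reachable from untrusted networks and fix not installed: patch and restrict'
    } else {
        'RDP reachable on domain/private profiles only and fix not installed: patch'
    }

    [pscustomobject]@{
        ComputerName        = $env:COMPUTERNAME
        RdpEnabled          = $rdpEnabled
        NlaRequired         = ($nla -eq 1)
        Port                = $port
        Listening           = $listening
        InboundRuleProfiles = ($profiles -join ',')
        PatchInstalled      = $patched
        Finding             = $finding
    }
}

# Usage: run locally, or Invoke-Command -ComputerName <host> -ScriptBlock ${function:Get-RdpExposure}
Get-RdpExposure | Format-List
```

The finding deliberately treats "not reachable" and "fix installed" as the two acceptable states; a host that is reachable on a public-profile rule without the fix is the one the exposure figures above are counting, and restricting the firewall profile is the quicker of the two fixes while the update rolls out. The firewall-profile check only reflects the host's own firewall, so a host behind a perimeter firewall can show 'Public' here and still be unreachable from the internet; conversely, NLA reduces but does not remove the need to patch.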
Organisations need to have a strong patching policy in place. We would hope that vulnerabilities such as EternalBlue, NotPetya/WannaCry and BlueKeep have prepared organisations and allowed them to build out their patching programs, which will allow them to react swiftly to the wonderfully named DejaBlue.