Microsoft has found and patched more critical flaws in Widows Remote Desktop services

by | Aug 21, 2019 | Operating system | 0 comments

New (or maybe not so new) vulnerabilities in Windows Remote Desktop Services have been identified and patched by Microsoft. These services are widely used in businesses and some of the vulnerabilities can be exploited without authentication to achieve execution of remote code.

These flaws were discovered by Microsoft during the hardening of the RDS system in Windows and to date the exploits they found have not been released…by Microsoft at any rate. Two of the flaws are workable according to Simon Pope director of incident response and if it makes its way onto a network malware can exploit them to propagate from PC to PC.

Affected systems include Windows 7 SP1, Windows Server 2008 R2 SP1, Windows Server 2012, Windows 8.1, Windows Server 2012 R2 and all supported versions of Windows 10. RDS is a system service and as such any exploit would give attackers privileges to read and delete data, create new accounts and install programs including ransomware.

Microsoft has also patched two other flaws that only affect Windows 10, Windows Server 2019 and Windows Server version 1803 and don’t require authentication to exploit as well as an unauthenticated denial-of-service flaw and two memory disclosure issues. That is a whopping seven RDS flaws that have been patched.

The reason Microsoft have done the investigations into RDS is the discovery of Bluekeep in May which had publicly released exploits this combined with the fact that most end points do not use network level authentication could result in scenarios where attackers can obtain legitimate credentials and bypass this protection, so deploying patches for these vulnerabilities as soon as possible is the best solution.

Related Articles

Independent Dev tackles 7-year-old windows issue in a few hours.

We have all had it, you’re busy with a youtube video or in an intense gaming session but we need an extra kick of volume, you mash the volume up hotkey or use the slider, and boom, the volume slider never closes, has the timer glitched or do you have to restart...

Fake news: The new minefield of the web

It isn’t uncommon these days to read a headline about “Russian hackers posting fake news”, it is even President Trumps favourite new phrase. Fake news is the scourge of the web. The spread of misinformation carries any number of ramifications, to the point where it...

Join Our Newsletter

Sed ut perspiciatis unde omnis iste natus error sit voluptatem accusantium doloremque

Stay Up to Date With The Latest News & Updates