Microsoft has found and patched more critical flaws in Windows Remote Desktop Services
New (or maybe not so new) vulnerabilities in Windows Remote Desktop Services have been identified and patched by Microsoft. These services are widely used in businesses, and some of the vulnerabilities can be exploited without authentication to achieve remote code execution.
These flaws were discovered by Microsoft during the hardening of the RDS system in Windows, and to date the exploits they found have not been released… by Microsoft at any rate. Two of the flaws are wormable, according to Simon Pope, director of incident response: malware that makes its way onto a network can exploit them to propagate from PC to PC.
Affected systems include Windows 7 SP1, Windows Server 2008 R2 SP1, Windows Server 2012, Windows 8.1, Windows Server 2012 R2 and all supported versions of Windows 10. RDS is a system service and as such any exploit would give attackers privileges to read and delete data, create new accounts and install programs including ransomware.
Microsoft has also patched two other flaws that only affect Windows 10, Windows Server 2019 and Windows Server version 1803 and don’t require authentication to exploit, as well as an unauthenticated denial-of-service flaw and two memory disclosure issues. That is a whopping seven RDS flaws that have been patched.
Microsoft investigated RDS because of the discovery of BlueKeep in May, which had publicly released exploits. Most endpoints do not use Network Level Authentication, and there are scenarios where attackers can obtain legitimate credentials and bypass this protection, so deploying patches for these vulnerabilities as soon as possible is the best solution.
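For administrators triaging hosts while the patches roll out, the following added example (not part of the original article) reports whether a machine accepts RDP connections and whether Network Level Authentication is required, using the standard Terminal Server registry values. The article names no update IDs, so the script only reports the most recently installed hotfix as a rough patch-currency signal; the function name `Get-RdpExposure` is an assumption of this example.

```powershell
# Added example: report local RDP exposure and NLA state.
# Reads the standard Terminal Server registry values; Group Policy values,
# when present, override the local configuration.
function Get-RdpExposure {
    $ts     = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    $tcp    = "$ts\WinStations\RDP-Tcp"
    $policy = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'

    # Return a single registry value, or $null when the key or value is absent.
    function Read-Value([string]$Path, [string]$Name) {
        $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
        if ($null -ne $item) { $item.$Name } else { $null }
    }

    # fDenyTSConnections = 0 means RDP connections are accepted.
    $deny = Read-Value $policy 'fDenyTSConnections'
    if ($null -eq $deny) { $deny = Read-Value $ts 'fDenyTSConnections' }

    # UserAuthentication = 1 means NLA is required before a session is created.
    $nla = Read-Value $policy 'UserAuthentication'
    if ($null -eq $nla) { $nla = Read-Value $tcp 'UserAuthentication' }

    $os      = Get-CimInstance -ClassName Win32_OperatingSystem
    $lastFix = Get-HotFix | Where-Object InstalledOn |
               Sort-Object InstalledOn | Select-Object -Last 1

    [pscustomobject]@{
        Computer     = $env:COMPUTERNAME
        OS           = "$($os.Caption) ($($os.Version))"
        RdpEnabled   = ($deny -eq 0)   # missing value is reported as not enabled
        NlaRequired  = ($nla -eq 1)
        RdpPort      = Read-Value $tcp 'PortNumber'
        LastHotfix   = $lastFix.HotFixID
        LastHotfixOn = $lastFix.InstalledOn
    }
}

$r = Get-RdpExposure
$r | Format-List
if ($r.RdpEnabled -and -not $r.NlaRequired) {
    Write-Warning 'RDP is enabled without NLA: clients reach the RDP service before authenticating.'
}
```

Hosts that report `RdpEnabled` true and `NlaRequired` false are the ones to patch first.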