Microsoft has found and patched more critical flaws in Widows Remote Desktop services

by | Aug 21, 2019 | Operating system | 0 comments

New (or maybe not so new) vulnerabilities in Windows Remote Desktop Services have been identified and patched by Microsoft. These services are widely used in businesses and some of the vulnerabilities can be exploited without authentication to achieve execution of remote code.

These flaws were discovered by Microsoft during the hardening of the RDS system in Windows and to date the exploits they found have not been released…by Microsoft at any rate. Two of the flaws are workable according to Simon Pope director of incident response and if it makes its way onto a network malware can exploit them to propagate from PC to PC.

Affected systems include Windows 7 SP1, Windows Server 2008 R2 SP1, Windows Server 2012, Windows 8.1, Windows Server 2012 R2 and all supported versions of Windows 10. RDS is a system service and as such any exploit would give attackers privileges to read and delete data, create new accounts and install programs including ransomware.

Microsoft has also patched two other flaws that only affect Windows 10, Windows Server 2019 and Windows Server version 1803 and don’t require authentication to exploit as well as an unauthenticated denial-of-service flaw and two memory disclosure issues. That is a whopping seven RDS flaws that have been patched.

The reason Microsoft have done the investigations into RDS is the discovery of Bluekeep in May which had publicly released exploits this combined with the fact that most end points do not use network level authentication could result in scenarios where attackers can obtain legitimate credentials and bypass this protection, so deploying patches for these vulnerabilities as soon as possible is the best solution.

Related Articles

Severe Vulnerability leaves Contactless cards exposed to Pin bypass

Researchers at ZTH Zurich have found a severe Vulnerability in contactless cards that allow malicious parties to bypass the need for pin codes using a Man-in-the-middle Principle that allow these hackers to take advantage of the data that is passed between the card...

Phishing attacks on the rise

Old mutual has warned that to prevent becoming a victim of fraud it is vital to be wary especially when using transactional, card-based accounts that are linked to savings or cheque accounts. According to the Office of the Banking Ombudsman, these transactional...

New Macs powered by ARM chips might drop in November

A special event may be on the cards for Apple on November 17 as it prepares to launch ARM-powered hardware. Jon Prosser, a tech analyst, tipped off on Twitter that Apple plans to host an ARM Mac event in November, launching its new in-house designed ARM-powered Macs...

Join Our Newsletter

Sed ut perspiciatis unde omnis iste natus error sit voluptatem accusantium doloremque

Stay Up to Date With The Latest News & Updates