Mon. Nov 18th, 2019

BlueKeep-like RCE flaws in RDP among 93 vulnerabilities patched by Microsoft

Original Post from SC Magazine
Author: Teri Robinson

Microsoft patched 93 vulnerabilities, including two BlueKeep-like remote code execution (RCE) flaws.

The two flaws, CVE-2019-1181 and CVE-2019-1182, in Remote Desktop Services, are “wormable,” Simon Pope, director of incident response at the Microsoft Security Response Center (MSRC), wrote in a blog post, “meaning that any future malware that exploits these could propagate from vulnerable computer to vulnerable computer without user interaction.”

The flaws affect Windows 7 SP1, Windows Server 2008 R2 SP1, Windows Server 2012, Windows 8.1, Windows Server 2012 R2, as well as supported Windows 10 versions, but not Windows XP, Windows Server 2003, and Windows Server 2008.

None of the vulnerabilities have been exploited or are likely known to third parties; rather, they “were discovered by Microsoft during hardening of Remote Desktop Services as part of our continual focus on strengthening the security of our products,” Pope wrote.

He urged users to patch affected systems quickly “because of the elevated risks associated with wormable vulnerabilities like these.” Fixes are available for download in the Microsoft Security Update Guide.

Noting “partial mitigation on affected systems that have Network Level Authentication (NLA) enabled,” Pope said, “the affected systems are mitigated against ‘wormable’ malware or advanced malware threats that could exploit the vulnerability, as NLA requires authentication before the vulnerability can be triggered.”
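A local check for the NLA mitigation Pope describes, as an added example that is not part of the original article. The function name `Get-RdpNlaStatus` and the finding strings are illustrative; the registry values read are the standard Remote Desktop settings, and the script assumes it is run in an elevated PowerShell session on the host being checked.

```powershell
# Added example (not from the article): report local RDP and NLA state.
function Get-RdpNlaStatus {
    $tsKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    $tcpKey = "$tsKey\WinStations\RDP-Tcp"
    $gpoKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'

    # Return a registry value, or $null when the key or value is absent.
    $read = {
        param($Path, $Name)
        $p = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
        if ($null -ne $p) { $p.$Name }
    }

    $localDeny = & $read $tsKey  'fDenyTSConnections'
    $localNla  = & $read $tcpKey 'UserAuthentication'
    $gpoDeny   = & $read $gpoKey 'fDenyTSConnections'
    $gpoNla    = & $read $gpoKey 'UserAuthentication'

    # A Group Policy value, when present, takes precedence over the local one.
    $deny = if ($null -ne $gpoDeny) { $gpoDeny } else { $localDeny }
    $nla  = if ($null -ne $gpoNla)  { $gpoNla }  else { $localNla }

    $rdpEnabled  = ($deny -eq 0)   # 0 = incoming RDP connections allowed
    $nlaRequired = ($nla -eq 1)    # 1 = NLA required before a session is set up

    $finding = if (-not $rdpEnabled) {
        'RDP connections are denied on this host'
    } elseif ($nlaRequired) {
        'RDP enabled, NLA required: partial mitigation only, still patch'
    } else {
        'RDP enabled, NLA off: service reachable before authentication, patch first'
    }

    [pscustomobject]@{
        ComputerName = $env:COMPUTERNAME
        RdpEnabled   = $rdpEnabled
        NlaRequired  = $nlaRequired
        NlaSetBy     = if ($null -ne $gpoNla) { 'GroupPolicy' } else { 'Local' }
        Finding      = $finding
    }
}

Get-RdpNlaStatus | Format-List
```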

Among the Patch Tuesday fixes is a critical vulnerability in Microsoft Word, CVE-2019-1201, which is “due to an improper handling of objects in memory,” said Satnam Narang, senior research engineer at Tenable. “An attacker could exploit this flaw by creating a specially crafted Microsoft Word file and convincing their victim to open the file on a vulnerable system, either by attaching it to a malicious email or hosting it on a malicious website.”

The Outlook Reading/Preview Pane is an attack vector, Microsoft has said, “meaning the vulnerability could be exploited by merely viewing the email without opening an attachment,” Narang explained. “Successful exploitation would allow an attacker to perform actions on the system using the same permissions as the current user.”

Calling the patches “a light set of operating system and application security updates,” including 35 CVEs for Server 2008 and 78 CVEs for the Windows 10 updates, Chris Goettl, director of product management, Security, Ivanti, expressed surprise that “there are NO zero days OR publicly disclosed vulnerabilities! It has been a long time since I remember that happening.”

Like Pope, he advised users to apply patches for the RDP vulnerabilities “immediately.”

Goettl called out CVE-2019-9506, the Encryption Key Negotiation of Bluetooth Vulnerability, a tampering vulnerability for which CERT/CC has issued CVE-2019-9506 and VU#918987 and which carries a CVSS score of 9.3. “It requires specialized hardware to exploit but can allow wireless access and disruption within Bluetooth range of the device being attacked,” said Goettl. “Microsoft provided an update to address the issue, but the new functionality is disabled by default.”

The post BlueKeep-like RCE flaws in RDP among 93 vulnerabilities patched by Microsoft appeared first on SC Media.

