DejaBlue - Multiple Wormable RDS Vulnerabilities Affecting the Latest Windows Versions

On the latest Patch Tuesday, August 13th, Microsoft disclosed multiple pre-authentication, remotely exploitable vulnerabilities in Windows Remote Desktop Services (RDS). This means that the vulnerabilities can be exploited without any authentication or user interaction.

 

 

These are the assigned CVEs:

CVE-2019-1181, CVE-2019-1182, CVE-2019-1222, CVE-2019-1226 and less severe CVE-2019-1225, CVE-2019-1224, CVE-2019-1223.


Unlike the BlueKeep (CVE-2019-0708) vulnerability, which only affected Windows 7/Server 2008 and below, the new vulnerabilities, named DejaBlue, affect all new Windows versions up to the latest Windows 10 version. Windows XP and Server 2003 are not affected, and some of the vulnerabilities don’t affect Windows 7 and Server 2008 unless RDP 8+ is enabled.


Current and supported versions of the enSilo Endpoint Security Platform protect “out-of-the-box” against attacks using the RDP protocol to target previous or similar vulnerabilities in Remote Desktop Services. The enSilo Threat Intelligence team is monitoring for new exploits in the wild targeting the new vulnerabilities and researching possible attack methods. While Microsoft stated that their internal teams created a fully working exploit chain for the vulnerabilities, as of now there are no “in-the-wild” exploits. That said, given the severity of the vulnerabilities, it is highly likely that exploits will emerge soon.


ENSILO RECOMMENDS CUSTOMERS TAKE THE FOLLOWING ACTIONS:

  • Apply updates to impacted systems as soon as possible.
  • Either disable or restrict remote access to your RDP-enabled endpoints by preventing access from the public internet or allowing only VPN connections.
  • Enable Network Level Authentication (NLA), which will mitigate CVE-2019-1222 and CVE-2019-1226.
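
One way to audit an endpoint against the recommendations above, as an added example that is not enSilo's or Microsoft's code: it reads the standard Terminal Services registry values and the local Windows firewall rules to report whether RDP is enabled, whether NLA is required, and whether the RDP port is open to any remote address. The helper names `Get-RegValue` and `Get-Effective` and the output field names are hypothetical.

```powershell
# Added example: audit this host against the RDP mitigations listed above.
# Run from an elevated PowerShell session on the endpoint being checked.
$tsKey     = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdpTcpKey = "$tsKey\WinStations\RDP-Tcp"
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'

function Get-RegValue {   # hypothetical helper: returns $null when key or value is absent
    param([string]$Path, [string]$Name)
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name }
}

function Get-Effective {  # hypothetical helper: a Group Policy value wins over the local one
    param([string]$LocalPath, [string]$Name)
    $p = Get-RegValue $policyKey $Name
    if ($null -ne $p) { $p } else { Get-RegValue $LocalPath $Name }
}

# fDenyTSConnections = 0 means the host accepts Remote Desktop connections.
$rdpEnabled  = ((Get-Effective $tsKey 'fDenyTSConnections') -eq 0)
# UserAuthentication = 1 means Network Level Authentication is required.
$nlaRequired = ((Get-Effective $rdpTcpKey 'UserAuthentication') -eq 1)

# The listener port can be changed from the default, so read it from the registry.
$rdpPort = Get-RegValue $rdpTcpKey 'PortNumber'
if ($null -eq $rdpPort) { $rdpPort = 3389 }

# Enabled inbound allow rules on the RDP port that accept any remote address.
# Without -PolicyStore these cmdlets read the local persistent store.
$openRules = @(
    Get-NetFirewallPortFilter -Protocol TCP |
        Where-Object { $_.LocalPort -contains "$rdpPort" } |
        Get-NetFirewallRule |
        Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' -and $_.Action -eq 'Allow' } |
        Where-Object { ($_ | Get-NetFirewallAddressFilter).RemoteAddress -contains 'Any' }
)

[pscustomobject]@{
    ComputerName      = $env:COMPUTERNAME
    RdpEnabled        = $rdpEnabled
    RdpPort           = $rdpPort
    NlaRequired       = $nlaRequired
    RulesOpenToAnyone = @($openRules | ForEach-Object DisplayName)
    NeedsAttention    = $rdpEnabled -and (-not $nlaRequired -or $openRules.Count -gt 0)
}
```

A host reporting `NlaRequired = True` is still only covered for the two CVEs named above, so the update recommendation applies regardless of this result.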

