DejaBlue - Multiple Wormable RDS vulnerabilities affecting latest Windows versions
These are the assigned CVEs:
Unlike the BlueKeep vulnerability (CVE-2019-0708), which only affected Windows 7/Server 2008 and below, the new vulnerabilities, named DejaBlue, affect all new Windows versions up to the latest Windows 10 version. Windows XP and Server 2003 are not affected, and some of the vulnerabilities don’t affect Windows 7 and Server 2008 unless RDP 8+ is enabled.
Current and supported versions of the enSilo Endpoint Security Platform protect “out-of-the-box” against attacks using the RDP protocol to target previous or similar vulnerabilities in Remote Desktop Services. The enSilo Threat Intelligence team is monitoring for new exploits in the wild targeting the new vulnerabilities and researching possible attack methods. While Microsoft stated that their internal teams created a fully working exploit chain for the vulnerabilities, as of now there are no “in-the-wild” exploits. That said, given the severity of the vulnerabilities, it is highly likely that exploits will emerge soon.
ENSILO RECOMMENDS CUSTOMERS TAKE THE FOLLOWING ACTIONS:
- Apply updates to impacted systems as soon as possible.
- Either disable or restrict remote access to your RDP-enabled endpoints by preventing access from the public internet or allowing only VPN connections.
- Enable Network Level Authentication (NLA), which will mitigate CVE-2019-1222 and CVE-2019-1226.
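
One way to check the last two recommendations on a host is the PowerShell audit below. It is an added example, not enSilo's or Microsoft's code: the function names `Get-RdpHardeningState` and `Enable-RdpNla` are hypothetical, and it assumes an elevated session on Windows 8/Server 2012 or later, where the NetSecurity firewall cmdlets are available.

```powershell
# Added example: report whether RDP is on, whether NLA is required, and
# which enabled firewall rules allow the RDP port from any remote address.
function Get-RdpHardeningState {
    $ts     = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    $tcp    = "$ts\WinStations\RDP-Tcp"
    $policy = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'

    $deny = (Get-ItemProperty -Path $ts  -Name fDenyTSConnections).fDenyTSConnections
    $port = (Get-ItemProperty -Path $tcp -Name PortNumber).PortNumber

    # A Group Policy value, when present, overrides the local listener setting.
    $nla = (Get-ItemProperty -Path $policy -Name UserAuthentication `
                -ErrorAction SilentlyContinue).UserAuthentication
    if ($null -eq $nla) {
        $nla = (Get-ItemProperty -Path $tcp -Name UserAuthentication).UserAuthentication
    }

    # Enabled inbound allow rules on the RDP port with no remote address limit.
    $open = Get-NetFirewallPortFilter -Protocol TCP |
        Where-Object { $_.LocalPort -contains "$port" } |
        Get-NetFirewallRule |
        Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' -and
                       $_.Action -eq 'Allow' } |
        Where-Object { ($_ | Get-NetFirewallAddressFilter).RemoteAddress -contains 'Any' }

    [pscustomobject]@{
        RdpEnabled        = ($deny -eq 0)
        Port              = $port
        NlaRequired       = ($nla -eq 1)
        UnrestrictedRules = @($open | ForEach-Object { $_.DisplayName })
    }
}

# Require NLA on the default RDP-Tcp listener through the documented WMI method.
function Enable-RdpNla {
    Get-CimInstance -Namespace 'root\cimv2\TerminalServices' `
        -ClassName Win32_TSGeneralSetting -Filter "TerminalName='RDP-Tcp'" |
        Invoke-CimMethod -MethodName SetUserAuthenticationRequired `
            -Arguments @{ UserAuthenticationRequired = 1 }
}

$state = Get-RdpHardeningState
$state | Format-List
if ($state.RdpEnabled -and -not $state.NlaRequired) {
    Write-Warning 'RDP is enabled without NLA; run Enable-RdpNla after testing client compatibility.'
}
```

A non-empty `UnrestrictedRules` list only shows that the host firewall does not restrict the source address; whether the port is reachable from the public internet still depends on perimeter filtering.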