Microsoft Fixes Critical Remote Desktop Flaw, Blocks Worm Malware

The update is shipped to Windows 10 version 1809

Windows 7 users should run Windows Update to get the patch, or go here for manual downloads if that doesn't work.

A remote code execution vulnerability exists in Remote Desktop Services - formerly known as Terminal Services - when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests. It affects older versions of Windows dating all the way back to Windows XP. Microsoft is also backporting a patch for this vulnerability to versions that are no longer supported, such as Windows 2003 and XP.

The vulnerability causing all the fuss is a flaw in Remote Desktop Services, which as the name implies lets you remotely control a far-off PC from a second PC.

There are 22 critical flaws this month, no fewer than 18 of which affect browsers and scripting engines; the other 4 are Remote Code Execution (RCE) vulnerabilities in key products like Remote Desktop and Word. The Remote Desktop flaw is wormable, meaning that malware exploiting it can spread from one vulnerable system to another. 'While we have observed no exploitation of this vulnerability, it is highly likely that malicious actors will write an exploit for this vulnerability and incorporate it into their malware.' Those using out-of-support systems (like Windows 2003 and Windows XP) can download the KB4500705 update, in which Microsoft has implemented the necessary security fixes. An attacker who successfully exploited this vulnerability could execute arbitrary code on the target system.

Microsoft advises that "all affected systems - irrespective of whether NLA is enabled or not - should be updated as soon as possible".


There are no public exploits for it yet and no indication that it's already being actively exploited.

However, the newly-discovered vulnerability is so serious that Microsoft is warning it could pave the way for another attack similar to WannaCry, which took over hundreds of thousands of Windows PCs across the world back in 2017.

For more on this, read our companion article dealing with the potential consequences, affected systems and mitigations for this remote, "wormable" Windows vulnerability.

In addition, a publicly disclosed vulnerability in Skype for Android (CVE-2019-0932) could enable an attacker to snoop on conversations without a victim's knowledge. "Some customers may have to disable Hyper-Threading (SMT) to fully address the risk from MDS vulnerabilities", Microsoft also warned.

In shared resource environments (such as exists in some cloud services configurations), these vulnerabilities could allow one virtual machine to improperly access information from another.
