Microsoft Patches RDS Vulnerability Allowing WannaCry-Like Attacks

Microsoft’s Patch Tuesday updates for May 2019 address nearly 80 vulnerabilities, including a zero-day and a flaw that can be exploited by malware to spread similar to the way the notorious WannaCry did back in 2017.

The zero-day vulnerability, tracked as CVE-2019-0863, is a privilege escalation issue related to the way the Windows Error Reporting (WER) system handles files. Exploitation requires low-privileged access to the targeted system.

A researcher from Palo Alto Networks and an individual who uses the online moniker “Polar Bear” have been credited by Microsoft for reporting the vulnerability. Palo Alto Networks has told SecurityWeek that it cannot share any information about the attacks at this time.

Microsoft has also patched CVE-2019-0708, a remote code execution vulnerability in Remote Desktop Services (RDS), formerly known as Terminal Services. The flaw can be triggered by an unauthenticated attacker by connecting to the targeted system via the Remote Desktop Protocol (RDP) and sending specially crafted requests. The company has pointed out that RDP itself is not vulnerable.

Microsoft says it’s important that patches for this vulnerability are installed as soon as possible due to the fact that it can be exploited without authentication and without user interaction.

“The vulnerability is ‘wormable’, meaning that any future malware that exploits this vulnerability could propagate from vulnerable computer to vulnerable computer in a microsoft patches vulnerability allowing wannacry attacks