Microsoft has released a set of patches for two newly discovered BlueKeep-like vulnerabilities in a number of Windows operating systems. The "wormable" bugs in remote desktop services permit propagation of malware from one compromised device to others, the company reports.
Remote desktop services is a proprietary tool of Microsoft Windows that allows its users to remotely access another computer over a network. By exploiting the vulnerabilities present in this feature, malicious actors could gain control over the system and spread malware autonomously by remote code execution.
The bugs have been indexed as CVE-2019-1181 and CVE-2019-1182. They were discovered by the company during its regular security check of its remote desktop services. Patches were released as part of Microsoft's August Patch Tuesday.
"These two vulnerabilities are also 'wormable,' meaning that any future malware that exploits these could propagate from vulnerable computer to vulnerable computer without user interaction," Microsoft says in a blog.
Windows 7 SP1, Windows Server 2008 R2 SP1, Windows Server 2012, Windows 8.1, Windows Server 2012 R2, and Windows 10, including server versions, are affected by these most recently revealed vulnerabilities.
Similarities to BlueKeep
Researchers at Microsoft note ..
Support the originator by clicking the read the rest link below.
