There is some bad news for Windows 10 users. Microsoft warns Windows users to update immediately because of two critical remote code execution vulnerabilities, CVE-2019-1181 and CVE-2019-1182.
Microsoft Warns Windows Users to Update Immediately
Microsoft has warned Windows 10 users to update their operating system because of two critical remote code execution vulnerabilities. The following sections give more specific information.
Microsoft's Patch Tuesday brought some bad news: there are more wormable RDP vulnerabilities, and they affect Windows 10 users.
There are two critical, wormable vulnerabilities in Remote Desktop Services (formerly Windows Terminal): CVE-2019-1181 and CVE-2019-1182. They are similar to the BlueKeep vulnerability, for which people have already created exploits.
These two critical vulnerabilities can be exploited without user interaction by sending a specially crafted Remote Desktop Protocol (RDP) message to RDS. Once in, an attacker can install programs, change or delete data, or create new accounts with full user rights.
This puts users at high risk of losing data or having their privacy compromised.
Microsoft said that these two critical vulnerabilities are potentially wormable, which means that an affected computer could spread viruses and malware without any action on the user's part. There are potentially hundreds of millions of vulnerable computers.
Unlike BlueKeep, these two critical vulnerabilities affect Windows 10, including Server versions, as well as Windows 7 SP1, Windows Server 2008 R2 SP1, Windows Server 2012, Windows 8.1 and Windows Server 2012 R2. Fortunately, other operating systems, like Windows XP, are not affected.
In fact, there are more than 800M Windows 10 users. With so many different versions affected, the number of affected systems would be massive.
Pope, Microsoft’s Director of Incident Response, said that it is important that affected systems are patched as quickly as possible because of the elevated risks associated with wormable vulnerabilities like these, and downloads for these can be found in the Microsoft Security Update Guide.
ZDNet also warns users that it is now a race to patch before attacks get underway. Thus, Microsoft warns Windows 10 users to update immediately.
However, computers with Network Level Authentication (NLA) enabled are partly protected, since attackers would need to authenticate before making a request. This means that an attack could not spread without human interaction on NLA-enabled systems.
Of course, to better protect your computer from the two critical vulnerabilities, you should run Windows Update immediately.
How to Perform Windows Update?
If you have enabled automatic updates for your operating system, your computer will be protected.
If you have not enabled automatic updates, press the Windows key and the I key together to open Settings. Next, choose Update & Security. Then choose Check for updates to continue.
When you have finished all the steps, the Windows update is complete. This may protect your computer from attacks that use the two critical remote code execution vulnerabilities.
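The NLA mitigation and the update step described above can be checked on a machine with a short PowerShell audit. This is an added example, not code from the article or from Microsoft; the function names Get-RegValue and Get-RdpExposure are hypothetical, and the registry values read are the standard Windows Remote Desktop settings.

```powershell
# Added example (not from the article): report local RDP exposure and patch recency.
# Get-RegValue and Get-RdpExposure are hypothetical helper names.
function Get-RegValue($Path, $Name) {
    # Returns $null when the key or value does not exist.
    (Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue).$Name
}

function Get-RdpExposure {
    $local  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    $policy = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'

    # A Group Policy value, when present, overrides the local setting.
    $deny = Get-RegValue $policy 'fDenyTSConnections'
    if ($null -eq $deny) { $deny = Get-RegValue $local 'fDenyTSConnections' }

    $nla = Get-RegValue $policy 'UserAuthentication'
    if ($null -eq $nla) { $nla = Get-RegValue "$local\WinStations\RDP-Tcp" 'UserAuthentication' }

    # Most recently installed update; the article gives no KB numbers,
    # so only recency is reported here.
    $last = Get-HotFix | Where-Object { $_.InstalledOn } |
        Sort-Object InstalledOn -Descending | Select-Object -First 1

    [pscustomobject]@{
        ComputerName  = $env:COMPUTERNAME
        RdpEnabled    = ($deny -eq 0)      # fDenyTSConnections = 0 allows RDP
        NlaRequired   = ($nla -eq 1)       # UserAuthentication = 1 requires NLA
        LastHotFixId  = $last.HotFixID
        LastInstalled = $last.InstalledOn
    }
}

$report = Get-RdpExposure
$report | Format-List
if ($report.RdpEnabled -and -not $report.NlaRequired) {
    Write-Warning 'RDP is enabled without NLA: patch first, then require NLA or disable RDP.'
}
```

A LastInstalled date earlier than the Patch Tuesday release mentioned in the article means the fixes for CVE-2019-1181 and CVE-2019-1182 cannot be present yet.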
Final Words
To sum up, this post has introduced two critical remote code execution vulnerabilities. They can be exploited without user interaction by sending a specially crafted Remote Desktop Protocol (RDP) message to RDS, so the attacker can delete files or do something else on your computer with full rights. To guard against these vulnerabilities, Microsoft warns Windows 10 users to update immediately.