This month's dose of Patch Tuesday updates from Microsoft contains patches for four Windows vulnerabilities that can be exploited over a network without requiring any user interaction. The four bugs were found in the Remote Desktop Services (RDS) component and it's highly recommended to update your system as soon as possible due to their wormable nature. Windows 7, 8, and 10 and Server 2008, 2012, 2016, and 2019 are all affected.
Why a Windows flaw patched nine days ago is still spooking the Internet
Similar to the so-called BlueKeep vulnerability Microsoft patched in May, the four bugs the company patched on Tuesday reside in Remote Desktop Services (RDS), which allow a user to take control of a remote computer or virtual machine over a network connection. The bugs—indexed as CVE-2019-1181, CVE-2019-1182, CVE-2019-1222, and CVE-2019-1226—make it possible for unauthenticated attackers to execute malicious code by sending a specially crafted message when a protection known as Network Level Authentication is turned off, as is often done in large organizations.
In such networks, it’s possible for exploits to ricochet from computer to computer. Leaving NLA on makes it harder for attacks to spread, since attackers must first have network credentials. The growing use of hacking tools such as Mimikatz, however, often enables attackers to surreptitiously obtain the needed credentials.