Recently, the company released a set of patches for two newly discovered 'BlueKeep-Like vulnerabilities" that impact a wide range of Windows Operating Systems.
These bugs plague the company's remote desktop services and permit malware to spread rapidly from one device to another.
Remote Desktop Services is an older technology that's been an integral part of the Microsoft Windows environment for decades. It's a good idea and a widely used technology that allows Windows users to remotely access another computer over a network. Unfortunately, flaws in the system allow malicious third parties to gain control over the system and spread malware via remote code execution.
The two most recently discovered bugs are being tracked as CVE-2019-1181 and CVE-2019-1182. They were discovered by Microsoft during one of the company's routine security checks. Patches were released for both as part of the company's August Patch Tuesday.
As the company explained in a recent blog post
"These two vulnerabilities are also 'wormable,' meaning that any future malware that exploits these could propagate from vulnerable computer to vulnerable computer without user interaction."
The operating systems vulnerable to the newly discovered bugs
- Windows 7, Service Pack 1
- Windows Server 2008 R2, Service Pack 1
- Windows Server 2012
- Windows 8.1
- Windows Server 2012 R2
- Windows 10, including server versions
At present, Microsoft has no statistics about how many machines in the Windows ecosystem are vulnerable to the two new bugs. The company has detected no third-party manipulations of the vulnerabilities to this point, but they recommend immediately applying the relevant patches in order to mitigate risk.
Unfortunately, recent reports have revealed that many businesses have been slow to respond to the threat that BlueKeep vulnerabilities represent. If your company is among them, the time to act is now.
As Hill Street Blues' Sgt. Esterhaus always advised: "Hey, let's be careful out there!"
Meanwhile, check out this report
This free executive report may give you insights into how to build your business with safe IT environments: 10 Hidden IT Risks That Might Threaten Your Business and 1 Easy Way to Find Them
I am Denis Wilson, President and Principal Consultant for DWP Information Architects. I help professionals grow their business by building a foundation of rock-solid information solutions for smaller healthcare, insurance, financial, legal, and nonprofits firms in Ventura County and San Fernando Valley. And have created cost-effective IT solutions, for over 20 years, specializing in cybersecurity and regulatory compliance. I am also a published author and speaker, working extensively with a variety of organizations, as well as providing small business technology education programs through business and professional associations. This just in: I will be speaking regularly at California Lutheran University's Center for Nonprofit Leadership starting in September.
Contact me if you would like me to speak at your association.