Microsoft patches abundance of "critical" and "wormable" Windows vulnerabilities

BlueKeep-like RCE flaws featured among the 93 bugs patched by Microsoft

Microsoft's flagship OS Windows 10 on a purple graphic

Microsoft has released fixes for a smorgasbord of issues on the second 'Patch Tuesday' of the month, including multiple remote code execution flaws.

A total of 93 bugs were reported in total, 29 of which were rated "critical" in severity and 64 as "important". However, none of these were zero-days or publicly disclosed vulnerabilities.

Simon Pope, director of incident response at Microsoft has also said two of the four remote code execution (RCE) issues are "wormable", bearing some resemblance to the (now patched) BlueKeep vulnerabilities discovered in May.

However, security researcher Kevin Beaumont tweeted that, in fact, "3 of the vulnerabilities are wormable, unless I'm missing something (as CVE-2019-1226)".

"By the way, this looks like it is much more serious than BlueKeep as there are so many different issues," Beaumont added. "Do not disable NLA."

Wormable vulnerabilities are cause for concern because, unlike normal malware infections, these issues can spread between computers without user interaction - like by visiting a dodgy link or downloading a suspicious email attachment.

The four RCEs were found in the Windows Remote Desktop Services (RDS) component and affected all modern versions of Windows going back to Windows 7. An attacker could abuse the Windows Remote Desktop Protocol (RDP), which is used to operate one computer from another over a network connection, by sending specially crafted requests without the need for authentication or user interaction.

"Once exploited, an attacker would be able to gain arbitrary code execution on the system, allowing them to perform a variety of actions, such as creating a new account with full user rights, installing programs, and viewing, changing or deleting data," said Satnam Narang, senior research engineer at Tenable.

"These vulnerabilities were discovered by Microsoft during hardening of Remote Desktop Services as part of our continual focus on strengthening the security of our products," said Pope. "At this time, we have no evidence that these vulnerabilities were known to any third party.

Justin Campbell, security research and exploit mitigations at Microsoft tweeted "the team successfully built a full exploit chain using some of these [RCEs], so it's likely someone else will as well", highlighting the necessity of applying Microsoft's patches expeditiously.

One of the other patched flaws of note was the one concerning the encryption key negotiation of Bluetooth which allowed attackers within Bluetooth range to manipulate legitimate wireless signals and gain access to a victim's machine.

With a CVSS score of 9.3, it was one of the issues rated "important" and required specialised hardware and close proximity to the victim to exploit.

All users have been recommended to ensure Network Level Authentication (NLA) is enabled inside RDP as it provides an extra layer of defence by raising exploitation requirements for some flaws to require credentials.

Although NLA protects against the wormability of the aforementioned RCEs, it's believed that some of the other vulnerabilities are still exploitable even with NLA enabled which means patching is of vital importance, as is taking all other methods of mitigation.

Featured Resources

2021 Thales cloud security study

The challenges of cloud data protection and access management in a hybrid and multi cloud world

Free download

IDC agility assessment

The competitive advantage in adaptability

Free Download

Digital transformation insights from CIOs for CIOs

Transformation pilotes, co-pilots, and engineers

Free download

What ITDMs did next - and what they should be doing now

Enable continued collaboration and communication for hybrid workers

Recommended

Senate report slams agencies for poor cyber security
cyber security

Senate report slams agencies for poor cyber security

3 Aug 2021
Most employees put their workplace at risk by taking cyber security shortcuts
cyber security

Most employees put their workplace at risk by taking cyber security shortcuts

27 Jul 2021
61% of organizations say improving security a top priority for 2021
cyber security

61% of organizations say improving security a top priority for 2021

29 Jun 2021
ProtectedBy.AI’s CodeLock blocks malware at source code level
software as a service (SaaS)

ProtectedBy.AI’s CodeLock blocks malware at source code level

9 Jun 2021

Most Popular

What should you really be asking about your remote access software?
Sponsored

What should you really be asking about your remote access software?

17 Nov 2021
Australia film archive gets $41.9 million to digitise audiovisual heritage
digitisation

Australia film archive gets $41.9 million to digitise audiovisual heritage

6 Dec 2021
Nike to take customers into the metaverse with 'NIKELAND'
virtualisation

Nike to take customers into the metaverse with 'NIKELAND'

19 Nov 2021