Microsoft patches abundance of "critical" and "wormable" Windows vulnerabilities

BlueKeep-like RCE flaws featured among the 93 bugs patched by Microsoft

Microsoft's flagship OS Windows 10 on a purple graphic

Microsoft has released fixes for a smorgasbord of issues on the second 'Patch Tuesday' of the month, including multiple remote code execution flaws.

A total of 93 bugs were reported in total, 29 of which were rated "critical" in severity and 64 as "important". However, none of these were zero-days or publicly disclosed vulnerabilities.

Simon Pope, director of incident response at Microsoft has also said two of the four remote code execution (RCE) issues are "wormable", bearing some resemblance to the (now patched) BlueKeep vulnerabilities discovered in May.

However, security researcher Kevin Beaumont tweeted that, in fact, "3 of the vulnerabilities are wormable, unless I'm missing something (as CVE-2019-1226)".

"By the way, this looks like it is much more serious than BlueKeep as there are so many different issues," Beaumont added. "Do not disable NLA."

Advertisement
Advertisement - Article continues below

Wormable vulnerabilities are cause for concern because, unlike normal malware infections, these issues can spread between computers without user interaction - like by visiting a dodgy link or downloading a suspicious email attachment.

The four RCEs were found in the Windows Remote Desktop Services (RDS) component and affected all modern versions of Windows going back to Windows 7. An attacker could abuse the Windows Remote Desktop Protocol (RDP), which is used to operate one computer from another over a network connection, by sending specially crafted requests without the need for authentication or user interaction.

"Once exploited, an attacker would be able to gain arbitrary code execution on the system, allowing them to perform a variety of actions, such as creating a new account with full user rights, installing programs, and viewing, changing or deleting data," said Satnam Narang, senior research engineer at Tenable.

"These vulnerabilities were discovered by Microsoft during hardening of Remote Desktop Services as part of our continual focus on strengthening the security of our products," said Pope. "At this time, we have no evidence that these vulnerabilities were known to any third party.

Justin Campbell, security research and exploit mitigations at Microsoft tweeted "the team successfully built a full exploit chain using some of these [RCEs], so it's likely someone else will as well", highlighting the necessity of applying Microsoft's patches expeditiously.

One of the other patched flaws of note was the one concerning the encryption key negotiation of Bluetooth which allowed attackers within Bluetooth range to manipulate legitimate wireless signals and gain access to a victim's machine.

With a CVSS score of 9.3, it was one of the issues rated "important" and required specialised hardware and close proximity to the victim to exploit.

All users have been recommended to ensure Network Level Authentication (NLA) is enabled inside RDP as it provides an extra layer of defence by raising exploitation requirements for some flaws to require credentials.

Although NLA protects against the wormability of the aforementioned RCEs, it's believed that some of the other vulnerabilities are still exploitable even with NLA enabled which means patching is of vital importance, as is taking all other methods of mitigation.

Advertisement
Related Resources

Application security fallacies and realities

Web application attacks are the most common vulnerability, so what is the truth about application security?

Download now

Your first step researching Managed File Transfer

Advice and expertise on researching the right MFT solution for your business

Download now

The KPIs you should be measuring

How MSPs can measure performance and evaluate their relationships with clients

Download now

Life in the digital workspace

A guide to technology and the changing concept of workspace

Download now

Most Popular

Visit/operating-systems/25802/17-windows-10-problems-and-how-to-fix-them
operating systems

17 Windows 10 problems - and how to fix them

4 Nov 2019
Visit/domain-name-system-dns/34842/microsoft-embraces-dns-over-https-to-secure-the-web
Domain Name System (DNS)

Microsoft embraces DNS over HTTPS to secure the web

19 Nov 2019
Visit/strategy/28115/the-pros-and-cons-of-net-neutrality
Business strategy

The pros and cons of net neutrality

4 Nov 2019
Visit/social-media/34844/can-wikipedia-founders-social-network-really-challenge-facebook
social media

Can Wikipedia founder's social network really challenge Facebook?

19 Nov 2019