Microsoft patches abundance of "critical" and "wormable" Windows vulnerabilities

BlueKeep-like RCE flaws featured among the 93 bugs patched by Microsoft

Microsoft's flagship OS Windows 10 on a purple graphic

Microsoft has released fixes for a smorgasbord of issues on the second 'Patch Tuesday' of the month, including multiple remote code execution flaws.

A total of 93 bugs were reported in total, 29 of which were rated "critical" in severity and 64 as "important". However, none of these were zero-days or publicly disclosed vulnerabilities.

Simon Pope, director of incident response at Microsoft has also said two of the four remote code execution (RCE) issues are "wormable", bearing some resemblance to the (now patched) BlueKeep vulnerabilities discovered in May.

However, security researcher Kevin Beaumont tweeted that, in fact, "3 of the vulnerabilities are wormable, unless I'm missing something (as CVE-2019-1226)".

"By the way, this looks like it is much more serious than BlueKeep as there are so many different issues," Beaumont added. "Do not disable NLA."

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

Wormable vulnerabilities are cause for concern because, unlike normal malware infections, these issues can spread between computers without user interaction - like by visiting a dodgy link or downloading a suspicious email attachment.

The four RCEs were found in the Windows Remote Desktop Services (RDS) component and affected all modern versions of Windows going back to Windows 7. An attacker could abuse the Windows Remote Desktop Protocol (RDP), which is used to operate one computer from another over a network connection, by sending specially crafted requests without the need for authentication or user interaction.

"Once exploited, an attacker would be able to gain arbitrary code execution on the system, allowing them to perform a variety of actions, such as creating a new account with full user rights, installing programs, and viewing, changing or deleting data," said Satnam Narang, senior research engineer at Tenable.

"These vulnerabilities were discovered by Microsoft during hardening of Remote Desktop Services as part of our continual focus on strengthening the security of our products," said Pope. "At this time, we have no evidence that these vulnerabilities were known to any third party.

Justin Campbell, security research and exploit mitigations at Microsoft tweeted "the team successfully built a full exploit chain using some of these [RCEs], so it's likely someone else will as well", highlighting the necessity of applying Microsoft's patches expeditiously.

Advertisement - Article continues below

One of the other patched flaws of note was the one concerning the encryption key negotiation of Bluetooth which allowed attackers within Bluetooth range to manipulate legitimate wireless signals and gain access to a victim's machine.

With a CVSS score of 9.3, it was one of the issues rated "important" and required specialised hardware and close proximity to the victim to exploit.

All users have been recommended to ensure Network Level Authentication (NLA) is enabled inside RDP as it provides an extra layer of defence by raising exploitation requirements for some flaws to require credentials.

Although NLA protects against the wormability of the aforementioned RCEs, it's believed that some of the other vulnerabilities are still exploitable even with NLA enabled which means patching is of vital importance, as is taking all other methods of mitigation.

Featured Resources

What you need to know about migrating to SAP S/4HANA

Factors to assess how and when to begin migration

Download now

Your enterprise cloud solutions guide

Infrastructure designed to meet your company's IT needs for next-generation cloud applications

Download now

Testing for compliance just became easier

How you can use technology to ensure compliance in your organisation

Download now

Best practices for implementing security awareness training

How to develop a security awareness programme that will actually change behaviour

Download now
Advertisement

Most Popular

Visit/microsoft-windows/32066/what-to-do-if-youre-still-running-windows-7
Microsoft Windows

What to do if you're still running Windows 7

14 Jan 2020
Visit/operating-systems/25802/17-windows-10-problems-and-how-to-fix-them
operating systems

17 Windows 10 problems - and how to fix them

13 Jan 2020
Visit/operating-systems/microsoft-windows/354526/memes-and-viking-funerals-the-internet-reacts-to-the
Microsoft Windows

Memes and Viking funerals: The internet reacts to the death of Windows 7

14 Jan 2020
Visit/hardware/laptops/354533/dell-xps-13-new-9300-hands-on-review-chasing-perfection
Laptops

Dell XPS 13 (New 9300) hands-on review: Chasing perfection

14 Jan 2020