Microsoft patches two new BlueKeep-like bugs
Microsoft has issued a set of fixes for two critical remote code execution vulnerabilities with characteristics similar to the high-profile BlueKeep vulnerability.
Like the original BlueKeep vulnerability, the two newly discovered vulnerabilities are wormable, meaning that malware using these exploits could propagate between computers without any user interaction required.
Also like BlueKeep, both new vulnerabilities exist within the Remote Desktop Services component of affected versions of Windows.
They could allow an authenticated attacker to connect to a target system using Remote Desktop Protocol and send specially crafted requests that could allow them to install programs; view, change, or delete data; or create new accounts with full user rights.
But unlike BlueKeep, the new vulnerabilities impact newer operating systems, including all supported versions of Windows 10.
Also unlike BlueKeep, obsolete operating systems such as Windows XP are not affected, alleviating Microsoft of the need to release another emergency patch for the out of support operating systems.
Microsoft said the company discovered the vulnerabilities themselves as part of its continual efforts to strengthen the security of its products, and that it has no evidence at this time that these vulnerabilities were known to any third party.
Implementing Network Level Authentication acts as a partial mitigation, but affected systems are still vulnerable to remote code execution exploitation if an attacker has managed to secure valid credentials.
Microsoft’s disclosure came shortly after the Australian Signals Directorate issued a security alert warning that a potential exploit has been developed for the original BlueKeep vulnerability and been disclosed to Metasploit.
The vulnerabilities were two of 93 vulnerabilities patched during this month’s Patch Tuesday security update releases.
These included 27 other critical vulnerabilities, including two other remote code execution flaws in the remote desktop services component of Windows. There were also 23 other remote code execution vulnerabilities in various components including Outlook, Word and the Chakra and VBScript scripting engines.
Mimecast dug through over 67 billion emails rejected as spam, opportunistic and targeted attacks...
Cyber attackers are turning their focus to SMBs as larger corporations tighten their security,...
Carbon Black's Cognitive Attack Loop model identifies three phases of cybercriminal behaviour...