RDP is vulnerable again, as Microsoft just patched multiple new vulnerabilities in the RDS component on most Windows operating systems, both servers, and clients. These new vulnerabilities are described as even more likely to be exposed by attackers than the previous BlueKeep vulnerability.
Microsoft urges end-users to patch both servers and clients immediately. For systems where RDS and RDP are enabled, it’s also highly recommended to enable NLA (Network Layer Authentication) for security reasons.
Affected systems this time around are:
· Clients: 7, 8.1 and 10 (all supported versions)
· Servers: 2008 R2, 2012 R2, 2016, 2019
Consequences and mitigation for these new vulnerabilities are similar to the previous vulnerability BlueKeep, which we wrote about not too long ago. We recommend you take a look at that article here >
Sources:
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1181
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1182
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1222
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1226
https://www.bleepingcomputer.com/news/security/microsoft-fixes-critical-windows-10-wormable-remote-desktop-flaws/
Stay safe!
