Microsoft warns users that systems running all versions of Windows 10, Windows 7 SP1, Windows 8.1, Windows Server 2008 R2 SP1, Windows Server 2012 and Windows Server 2012 R2 users to update immediately due to Wormable RDS (Remote Desktop Services) Vulnerabilities.
Microsoft’s latest August 2019 Patch update fixed over 90 flaws, including the two critical RDS vulnerabilities that can be exploited by sending specially crafted requests to the targeted system via RDS. Exploitation of the vulnerabilities does not require any user interaction or authentication.
Microsoft’s warns users the two vulnerabilities, CVE-2019-1181 and CVE-2019-1182, which the company says are similar to the bug tracked as BlueKeep and CVE-2019-0708 and are both Wormable.
Microsoft had two other RDS flaws resolved this month, CVE-2019-1222 and CVE-2019-1226, which has a very similar description and was also more likely to be exploited in malicious attacks.
CVE-2019-1181 and CVE-2019-1182 appear to impact all supported versions of Windows, while CVE-2019-1222 and CVE-2019-1226 only affect Windows 10, Windows Server, and Windows Server 2019.