This week, Microsoft announced a whole new round of vulnerabilities in Remote Desktop Protocol. There are seven new RDP security vulnerabilities in total; however, the focus is on the two that are wormable. Referring to their similarity to BlueKeep, this pair of vulnerabilities is known as DejaBlue.

CVE-2019-1181 and CVE-2019-1182 both have a severity score of 9.8 out of 10 by Common Vulnerability Scoring System (CVSS).

These vulnerabilities affect the following systems:

• Windows 7 SP1
• Windows Server 2008 R2 SP1
• Windows Server 2012, Windows 8.1
• Windows Server 2012 R2
• All supported versions of Windows 10, including server versions.

If you have automatic updates enabled, you’ll receive fixes for these vulnerabilities automatically.

If you’re not automatically receiving updates, we recommend an additional step:

1. Enable Network-Level Authentication.

2. Download and install the patch for these vulnerabilities.

If you don’t need RDP or you’re not using it:

• Set up a firewall rule to block TCP port 3389. This change prevents RDP from establishing a connection.

• Disable RDP.

If you have any questions about this vulnerability and your specific services here at Vivio, please let us know!

References:

Bradbury, Danny. (2019, August 14). Patch time! Microsoft warns of new worm-ready RDP bugs. Retrieved from https://nakedsecurity.sophos.com/2019/08/14/microsoft-warns-of-new-worm-ready-rdp-bugs/

Greenberg, Andy. (2019, August 13). Dejablue: New Bluekeep-Style Bugs Renew the Risk of a Windows Worm. Retrieved from https://www.wired.com/story/dejablue-windows-bugs-worm-rdp/

Pope, Simon. (2019, August 13). Patch new wormable vulnerabilities in Remote Desktop Services (CVE-2019-1181/1182). Retrieved from https://msrc-blog.microsoft.com/2019/08/13/patch-new-wormable-vulnerabilities-in-remote-desktop-services-cve-2019-1181-1182/