Information Technologies strongly recommends you immediately update any systems running supported Windows OS versions (client and server) with the 2019-08 cumulative or security only patch.
As part of its August 13th patch bundle, Microsoft has released fixes for multiple CRITICAL RISK vulnerabilities in Remote Desktop Protocol (RDP) that could enable a remote attacker to get full access to a system by sending a malicious RDP request to the victim’s computer.
All supported Windows OS versions (client and server) are affected.
- Vulnerabilities
-
- CVE-2019-1181, CVE-2019-1182, CVE-2019-1222 and CVE-2019-1226
- https://www.infosecurity-magazine.com/news/microsoft-warns-of-new-wormable/
- Remediation
- Windows operating systems should be updated with the 2019-08 cumulative or security only patch (the exact KB number is different per OS/patch level). A reboot is required.
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1181
As always, appropriate vendor-supplied patches or upgrades should be applied as soon as possible. If patching is not feasible, risk can be managed by removing the vulnerable system from service.
Please direct questions to the IT Support Center at askit@udel.edu or 302-831-6000.