Endpoint Protection

Patch new wormable vulnerabilities in Remote Desktop Services

  • 1.  Patch new wormable vulnerabilities in Remote Desktop Services

    Posted Aug 14, 2019 10:42 AM
    Remember Conficker and Wannacry.  These threats exploit "fresh" vulnerabilities where patches were already available for at least 2-3 months and still Wreak havoc around the world.  
    Now Microsoft is warning users not to repeat the history and we should take this seriously.  Yesterday (August 13), Microsoft released a set of fixes for Remote Desktop Services that include two critical Remote Code Execution (RCE) vulnerabilities, CVE-2019-1181 and CVE-2019-1182. Like the previously-fixed 'BlueKeep' vulnerability (CVE-2019-0708), these two vulnerabilities are also 'wormable', meaning that any future malware that exploits these could propagate from vulnerable computer to vulnerable computer without user interaction. 

    Guys, this is a ticking timebomb! 

    Pro-tip, if you are using FortiClient, check your vulnerability dashboard on FortiClient EMS and be on the lookout for these vulnerabilities.  It is possible that you already rolled out these patches, or urged your users to install the latest Windows 10 security update.  Unfortunately, as we all know, end-users don't always listen to us.  It is also possible that they have installed the patches/security updates but it is pending re-start.  

    With the Vulnerability dashboard, you can identify the stragglers.  Next, you can take the carrot and stick approach.  You can remind them, nudge them.  If that doesn't work, then go to FortiGate Security Fabric and quarantine these endpoints so at least you protect your network and will avoid an epidemic.  

    Tsailing Merrem