New Vulnerabilities in Remote Desktop Service (RDS) Affecting Most Current Windows Versions
Microsoft has just released patches in its August Monthly Security Update for 2 newly discovered vulnerabilities in Remote Desktop Services (RDS). Similar to the “BlueKeep” vulnerability, the new vulnerabilities can be exploited to engineer a worm-like outbreak on the Internet, posing a serious threat to cyber security. HKCERT once again urges the public to pay attention to the vulnerabilities in RDS and to install the up-to-date patches immediately to mitigate the risk.
The two new vulnerabilities affect Windows 7 SP1, Windows Server 2008 R2 SP1, Windows Server 2012, Windows 8.1, Windows Server 2012 R2, as well as all supported versions of Windows 10, including server versions. Workstations with Windows 7 SP1 or Windows Server 2008 R2 SP1 installed are affected only if either RDP 8.0 or RDP 8.1 is installed.
As Microsoft has already released security patches to address the vulnerabilities, HKCERT recommends that all users apply up-to-date security patches from the official software provider to avoid unnecessary risks. Users may also refer to the security blog on the “BlueKeep” vulnerability (/my_url/en/blog/19052301) for other remedial actions.