HKCert
HKCERT logo Hong Kong Computer Emergency Response Team Coordination Centre

Security Blog

New Vulnerabilities in Remote Desktop Service (RDS) Affecting Most Current Windows Versions

Release Date: 15 / 08 / 2019
Last Update: 15 / 08 / 2019

Microsoft has just released patches in its August Monthly Security Update for two newly discovered vulnerabilities in Remote Desktop Services (RDS). Similar to the “BlueKeep” vulnerability, the new vulnerabilities can be exploited to engineer a worm-like outbreak on the Internet, posing a serious threat to cyber security. HKCERT once again urges the public to pay attention to the vulnerabilities in RDS and to install the up-to-date patches immediately to mitigate the risk.

The two new vulnerabilities affect Windows 7 SP1, Windows Server 2008 R2 SP1, Windows Server 2012, Windows 8.1, Windows Server 2012 R2, and all supported versions of Windows 10, including server versions. For workstations running Windows 7 SP1 or Windows Server 2008 R2 SP1, the vulnerabilities apply only if either RDP 8.0 or RDP 8.1 is installed.

As Microsoft has already released security patches to address the vulnerabilities, HKCERT recommends that all users apply the up-to-date security patches from the official software provider to avoid unnecessary risks. Users may also refer to the security blog on the “BlueKeep” vulnerability (https://www.hkcert.org/my_url/en/blog/19052301) for other remedial actions.

Reference Link:

https://www.hkcert.org/my_url/en/alert/19081401