Windows Remote Desktop Services RCE Vulnerability DejaBlue (CVE-2019-1181) and (CVE-2019-1182) | Daisy Corporate Services

Windows Remote Desktop Services RCE Vulnerability DejaBlue (CVE-2019-1181) and (CVE-2019-1182)

19th August 2019

Daisy have received an advisory relating to a number of critical vulnerabilities which are wormable in Microsoft’s Remote Desktop Services namely (CVE-2019-1181) and (CVE-2019-1182). These vulnerabilities have been given a common name of DejaBlue which follow on from the previous BlueKeep vulnerability which was disclosed in May this year. These new vulnerabilities happen pre-authentication and require no user interaction.

Further information is available from Microsoft below.
https://msrc-blog.microsoft.com/2019/08/13/patch-new-wormable-vulnerabilities-in-remote-desktop-services-cve-2019-1181-1182
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1181
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1182
Affected Platforms:
Windows 7 SP1 (Only if RDP 8.0 or RDP 8.1 is installed)
Windows Server 2008 R2 SP1, (Only if RDP 8.0 or RDP 8.1 is installed)
Windows Server 2012,
Windows 8.1,
Windows Server 2012 R2,
All supported versions of Windows 10, including server versions

Other Remote Desktop vulnerabilities have also been released which are critical but aren’t wormable, these still need to be patched quickly namely (CVE-2019-1222) and (CVE-2019-1226)

Further information is available from Microsoft below.
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1222
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1226
Affected Platforms:
Windows 10 for 32-bit Systems
Windows 10 for x64 Systems
Windows 10 for ARM64
Windows Server 2019

At the time of publication, there are no known exploits for these vulnerabilities however active exploitation of these vulnerabilities is likely to occur sooner than the prior BlueKeep RDP vulnerability CVE-2019-0708 due to them being easier to exploit.

Daisy will deploy patches to customer systems in line with our normal patching policies for Microsoft’s monthly update cycle, for systems for which we have responsibility and where appropriate support is in place. As such, a substantial Windows patching operation is underway across both Daisy’s own and our customers’ compute estates.

Daisy will continue to follow closely advisories provided by Microsoft and the National Cyber Security Centre (NCSC) regarding this vulnerability, and further updates will be posted here as appropriate.