Home > Cyber News > CVE-2019-1181: Microsoft Windows BlueKeep-like Vulnerabilities Found
CYBER NEWS

CVE-2019-1181: Microsoft Windows BlueKeep-like Vulnerabilities Found

by   |  Last Update:  |  0 Comments  

Microsoft Windows users should be well aware that there are a number of dangerous vulnerabilities which have recently been detected. They are four and appear to be very similar to the BlueKeep Flaw on which we reported earlier. These bugs allow malicious to carry out Remote Desktop Protocol (RDP) attacks and take over control of the target computers. The flaws are particularly dangerous as they allow easy access into thousands of hosts worldwide.




CVE-2019-1181: The Four BlueKeep-like Vulnerabilities Can Be Used in Global Attacks

Thousands of Microsoft Windows users are risk of being hacked due to a new set of vulnerabilities that have just been announced. Reports indicate that they are labeled as Bluekeep-Like due to the fact that they abuse a flaw in the Remote Desktop Protocol (RDP) used to carry out remote login sessions. This is particularly worrying in company networks where the hackers can easily penetrate several hosts at once.

The attacks can be done by using a special hacking tool that is capable of carrying out active RDP scanning against IP ranges. If an unpatched system is detected the platforms will instantly probe the hosts with the vulnerabilities. No user interaction is required to commit the flaws.

Related: [wplinkpreview url=”https://sensorstechforum.com/cve-2019-0708-bluekeep-vulnerability/”]
CVE-2019-0708: BlueKeep Vulnerability Leveraged Against Hospitals

The worrying factor is that the vulnerabilities affect many versions of the Microsot Windows operating system:

Windows Vista, Windows 7, Windows XP, Server 2003 and Server 2008

The four vulnerabilities that are part of this collection includes the following:

  • CVE-2019-1181 — A remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests. This vulnerability is pre-authentication and requires no user interaction. An attacker who successfully exploited this vulnerability could execute arbitrary code on the target system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
  • CVE-2019-1182 — A remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests. This vulnerability is pre-authentication and requires no user interaction. An attacker who successfully exploited this vulnerability could execute arbitrary code on the target system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
  • CVE-2019-1222 — A remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests. This vulnerability is pre-authentication and requires no user interaction. An attacker who successfully exploited this vulnerability could execute arbitrary code on the target system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
  • CVE-2019-1226 — A remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests. This vulnerability is pre-authentication and requires no user interaction. An attacker who successfully exploited this vulnerability could execute arbitrary code on the target system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

At the moment there are no known impacted systems and attacks in the wild. Instead of merely creating the possibility to take over control of the systems with a Trojan host the BlueKeep-like vulnerabilities can be used to implant dangerous threats such as ransomware or cryptocurrency miners among others. Microsoft has released security updates that should be applied as soon as possible to prevent any possible hacker abuse.

Martin Beltov

Martin graduated with a degree in Publishing from Sofia University. As a cyber security enthusiast he enjoys writing about the latest threats and mechanisms of intrusion.

More Posts

Follow Me:
Twitter

Related posts:
  1. CVE-2019-0708: BlueKeep Vulnerability Leveraged Against Hospitals The BlueKeep Vulnerability which is tracked in the CVE-2019-0708 is...
  2. Adobe Patches 112 Vulnerabilities in Latest Patch Package (CVE-2018-5007) Adobe has released the latest patch package that addresses a...
  3. RDP Port Shield: New Tool Protects against Ransomware and Brute Force Attacks Ransomware continues to be a top threat to both individuals...
  4. .rdp Virus File (Paradise Ransomware) – How To Remove .rdp file extension is placed on all of your files?...
  5. Remove Rdp Virus Rdp Virus Rdp virus is a malicious software identified as...
  6. Top 5 Most Dangerous Microsoft Office Vulnerabilities Let’s see why hackers love exploiting specific Microsoft Office vulnerabilities....
  7. Microsoft Bugs CVE-2019-0803, CVE-2019-0859 Exploited in the Wild April 2019 Patch Tuesday is here, consisting of fixes for...
  8. The Windows User Security Bible: Vulnerabilities and Patches If you’re one of those conscious users who acquaint themselves...

Leave a Comment

Your email address will not be published. Required fields are marked *

This website uses cookies to improve user experience. By using our website you consent to all cookies in accordance with our Privacy Policy.
I Agree