CVE-2019-1181: Microsoft Windows BlueKeep-like Vulnerabilities Found

Microsoft Windows users should be aware that a number of dangerous vulnerabilities have recently been detected. There are four of them, and they appear to be very similar to the BlueKeep flaw on which we reported earlier. These bugs allow malicious actors to carry out Remote Desktop Protocol (RDP) attacks and take over control of the target computers. The flaws are particularly dangerous as they allow easy access into thousands of hosts worldwide.




CVE-2019-1181: The Four BlueKeep-like Vulnerabilities Can Be Used in Global Attacks

Thousands of Microsoft Windows users are at risk of being hacked due to a new set of vulnerabilities that have just been announced. Reports indicate that they are labeled BlueKeep-like because they abuse a flaw in the Remote Desktop Protocol (RDP), which is used to carry out remote login sessions. This is particularly worrying in company networks, where the hackers can easily penetrate several hosts at once.

The attacks can be carried out with a special hacking tool capable of active RDP scanning against IP ranges. If an unpatched system is detected, the tool will instantly probe the host using the vulnerabilities. No user interaction is required to exploit the flaws.
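A defender can watch perimeter or internal firewall logs for the scanning pattern described above. The following is an added example, not code from the article or from Microsoft: it flags sources that touch many distinct hosts on TCP 3389 (the default RDP port) within a short window and lists the hosts that accepted the connection, which are the ones to patch first. The log format, addresses and thresholds are constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

RDP_PORT = 3389  # default TCP port of the RDP listener
LINE_RE = re.compile(  # constructed log format, not a real product's
    r"^(?P<ts>\S+) SRC=(?P<src>\S+) DST=(?P<dst>\S+) "
    r"DPT=(?P<dpt>\d+) PROTO=TCP ACTION=(?P<action>ALLOW|DENY)$")

def find_rdp_sweeps(lines, window=timedelta(seconds=60), min_hosts=4):
    """Flag sources that hit >= min_hosts distinct hosts on TCP/3389 inside
    `window`. Returns {src: {"targets": set, "reachable": set}}."""
    recent = defaultdict(deque)  # src -> (ts, dst) probes still inside window
    seen = defaultdict(lambda: {"targets": set(), "reachable": set()})
    flagged = {}
    for line in lines:  # input is assumed to be in time order
        m = LINE_RE.match(line.strip())
        if not m or int(m["dpt"]) != RDP_PORT:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
        src, dst = m["src"], m["dst"]
        q = recent[src]
        q.append((ts, dst))
        while ts - q[0][0] > window:  # expire probes older than the window
            q.popleft()
        seen[src]["targets"].add(dst)
        if m["action"] == "ALLOW":  # connection reached an RDP listener
            seen[src]["reachable"].add(dst)
        if len({d for _, d in q}) >= min_hosts:
            flagged[src] = seen[src]  # same dict, so later probes are kept
    return flagged

# Constructed sample data (documentation address ranges), not real traffic.
SAMPLE_LOG = """\
2019-08-14T10:00:01Z SRC=203.0.113.7 DST=10.0.0.11 DPT=3389 PROTO=TCP ACTION=DENY
2019-08-14T10:00:02Z SRC=203.0.113.7 DST=10.0.0.12 DPT=3389 PROTO=TCP ACTION=ALLOW
2019-08-14T10:00:02Z SRC=10.0.5.20 DST=10.0.0.12 DPT=3389 PROTO=TCP ACTION=ALLOW
2019-08-14T10:00:03Z SRC=203.0.113.7 DST=10.0.0.13 DPT=3389 PROTO=TCP ACTION=DENY
2019-08-14T10:00:04Z SRC=203.0.113.7 DST=10.0.0.14 DPT=3389 PROTO=TCP ACTION=ALLOW
2019-08-14T10:00:05Z SRC=203.0.113.7 DST=10.0.0.14 DPT=443 PROTO=TCP ACTION=ALLOW
2019-08-14T10:07:00Z SRC=198.51.100.9 DST=10.0.0.11 DPT=3389 PROTO=TCP ACTION=DENY
2019-08-14T10:09:30Z SRC=198.51.100.9 DST=10.0.0.12 DPT=3389 PROTO=TCP ACTION=ALLOW
2019-08-14T10:12:00Z SRC=198.51.100.9 DST=10.0.0.13 DPT=3389 PROTO=TCP ACTION=DENY
2019-08-14T10:14:30Z SRC=198.51.100.9 DST=10.0.0.15 DPT=3389 PROTO=TCP ACTION=DENY
""".splitlines()

if __name__ == "__main__":
    for src, info in find_rdp_sweeps(SAMPLE_LOG).items():
        print(src, "probed", len(info["targets"]), "hosts; patch first:", sorted(info["reachable"]))
```

With the default 60-second window only the fast sweep is flagged; widening the window, for example to ten minutes, also catches the slower source in the sample.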

Related:
CVE-2019-0708: BlueKeep Vulnerability Leveraged Against Hospitals

The worrying factor is that the vulnerabilities affect many versions of the Microsoft Windows operating system:

Windows Vista, Windows 7, Windows XP, Server 2003 and Server 2008

The four vulnerabilities that are part of this collection include the following:

  • CVE-2019-1181 — A remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests. This vulnerability is pre-authentication and requires no user interaction. An attacker who successfully exploited this vulnerability could execute arbitrary code on the target system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
  • CVE-2019-1182 — A remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests. This vulnerability is pre-authentication and requires no user interaction. An attacker who successfully exploited this vulnerability could execute arbitrary code on the target system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
  • CVE-2019-1222 — A remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests. This vulnerability is pre-authentication and requires no user interaction. An attacker who successfully exploited this vulnerability could execute arbitrary code on the target system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
  • CVE-2019-1226 — A remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests. This vulnerability is pre-authentication and requires no user interaction. An attacker who successfully exploited this vulnerability could execute arbitrary code on the target system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

At the moment there are no known impacted systems or attacks in the wild. Beyond merely making it possible to take over control of the systems with a Trojan, the BlueKeep-like vulnerabilities can be used to implant dangerous threats such as ransomware or cryptocurrency miners, among others. Microsoft has released security updates that should be applied as soon as possible to prevent any possible hacker abuse.

Martin Beltov

Martin graduated with a degree in Publishing from Sofia University. As a cyber security enthusiast he enjoys writing about the latest threats and mechanisms of intrusion.
