[Vulnerability Warning] Windows Remote Desktop (RDP) Remote Code Execution Vulnerability

2019-08-20 15:52:35
Dear user,

Recently, the JD Cloud Security Team observed that Microsoft officially released emergency security patches fixing remote code execution vulnerabilities (CVE-2019-1181/1182) in Windows Remote Desktop Services.

[Vulnerability Description]

Attackers can use these vulnerabilities to obtain permissions on Windows servers. To keep your business from being affected, the JD Cloud Security Team recommends that you carry out a security self-examination promptly. If your systems are within the affected scope, please update and fix the problem in time to avoid attacks from external attackers.

[Vulnerability Rating]

CVE-2019-1181 Severe

CVE-2019-1182 Severe

[Affected Versions]

Windows 7

Windows 8

Windows 10

Windows Server 2008 R2

Windows Server 2008

Windows Server 2012

Windows Server 2012 R2

Windows Server 2016

Windows Server 2019

[Security Recommendations]

1. [Suggestion] Patch update (back up your data and images before installing the patch): Open Windows Update and click "Check for Updates". Evaluate the update against your business situation, then download and install the corresponding security patches. Reboot the system for the update to take effect, and monitor the operating status of the system and your business afterwards.

Manual download links:

Windows Server 2008 R2:

http://download.windowsupdate.com/d/msdownload/update/software/secu/2019/08/windows6.1-kb4512486-x64_547fe7e4099c11d494c95d1f72e62a693cd70441.msu

Windows Server 2012 R2:

http://download.windowsupdate.com/d/msdownload/update/software/secu/2019/08/windows8.1-kb4512489-x64_be2ed8f4ee800d8c39e5025c5d95808858077c05.msu

Windows Server 2016:

http://download.windowsupdate.com/d/msdownload/update/software/secu/2019/08/windows10.0-kb4512517-x64_81ba5a17cf768a54489faf28ba3a3eca3c0c36d5.msu

2. [Mitigation] Enable Network Level Authentication (NLA): Open the Windows "Control Panel", go to "System and Security - System - Remote Settings", open the "Remote" tab, and select "Allow connections only from computers running Remote Desktop with Network Level Authentication (more secure)".

3. [Mitigation] Configure Security Group: Temporarily block external access to the RDP service port, or allow access only from specific authorized IP addresses.
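
A read-only PowerShell check of one host against recommendations 1 and 2, added here as an example and not part of JD Cloud's or Microsoft's own guidance. It uses the KB numbers from the manual download links above; the function name `Test-RdpAdvisoryState` is hypothetical, and the registry values it reads are the standard Terminal Server settings.

```powershell
# Added example: audit this host against recommendations 1 (patch) and 2 (NLA).
# KB numbers are taken from the advisory's manual download links.
$kbByOs = @{
    '2008 R2' = 'KB4512486'
    '2012 R2' = 'KB4512489'
    '2016'    = 'KB4512517'
}

function Test-RdpAdvisoryState {
    # Get-WmiObject keeps the check usable on PowerShell 2.0 (Server 2008 R2).
    $caption = (Get-WmiObject -Class Win32_OperatingSystem).Caption
    $kb = $null
    foreach ($name in $kbByOs.Keys) {
        if ($caption -like "*Server $name*") { $kb = $kbByOs[$name] }
    }

    # $null means the advisory lists no manual download for this OS.
    $patched = $null
    if ($kb) {
        $patched = [bool](Get-HotFix -Id $kb -ErrorAction SilentlyContinue)
    }

    $ts   = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    $rdp  = Get-ItemProperty -Path "$ts\WinStations\RDP-Tcp"
    $deny = (Get-ItemProperty -Path $ts).fDenyTSConnections

    New-Object PSObject -Property @{
        OS          = $caption
        AdvisoryKB  = $kb
        KBInstalled = $patched
        RdpEnabled  = ($deny -eq 0)                    # 0 = connections allowed
        NlaRequired = ($rdp.UserAuthentication -eq 1)  # 1 = NLA enforced
        RdpPort     = $rdp.PortNumber                  # port to restrict in step 3
    }
}

$state = Test-RdpAdvisoryState
$state | Format-List

if ($state.RdpEnabled -and -not $state.NlaRequired) {
    Write-Warning 'RDP is enabled without NLA; apply recommendation 2.'
}
if ($state.AdvisoryKB -and -not $state.KBInstalled) {
    # A later cumulative update can supersede this KB, so absence is not proof.
    Write-Warning "$($state.AdvisoryKB) not found; confirm in Windows Update history."
}
```

The local registry values do not reflect an NLA setting enforced through Group Policy, so verify the effective policy separately on domain-managed hosts.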

[Reference Links]

1. Official Update Announcement: https://portal.msrc.microsoft.com/en-us/security-guidance

2. Microsoft Official Warning: https://msrc-blog.microsoft.com/2019/08/13/patch-new-wormable-vulnerabilities-in-remote-desktop-services-cve-2019-1181-1182/?from=timeline&isappinstalled=0


JD Cloud team

2019-08-20 15:52:35