Four New BlueKeep-Like Wormable RDP Exploits Target Microsoft Windows — Blue's Clues

The updates include patches for four severe "wormable" vulnerabilities that can let attackers spread malware without any user action, similar to WannaCry and the BlueKeep vulnerability that prompted Microsoft to release a rare post-end-of-life patch for Windows XP.

Earlier this week, Microsoft released a patch for two major security flaws that it detected in the Windows Remote Desktop Services (RDS) package.

BlueKeep (CVE-2019-0708) is a security vulnerability discovered in Microsoft's Remote Desktop Protocol that allows remote code execution.

Just as exploits for Microsoft's BlueKeep bug make it into the wild, the company has announced another set of vulnerabilities in Windows that is equally dangerous, and this time it also affects Windows 10 systems.



Those eager to patch their Windows system against Microsoft's vulnerabilities can install the fixes through Windows Update now; Intel's software patches, meanwhile, require manual installation using the above links. Still, if they're even remotely as dangerous as BlueKeep (pun intended), then you should make sure you've updated Windows right away.

Other more radical suggestions include running a repair install on Windows 10, but rather than take more drastic action, many people simply prefer to pause updates for now and hope Microsoft gets this sorted out in short order. Millions of computers and laptops around the world running Windows 10 are at risk. The company also said it had no evidence of any type of "attack" using the two issues.

Enabling NLA adds a layer of protection against these kinds of attacks, but even then, an attacker could still exploit the vulnerabilities; it would just be harder because they would need authentication credentials. Explaining the security vulnerability, Microsoft said, "An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC)". It's a flaw noted by the CERT Coordination Center, with a high 9.3 score per the Common Vulnerability Scoring System, even though an attacker would need "specialized hardware" and would have to be within range of a Bluetooth device. The update failed to install for some users, while others experienced random restarts following the update.
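To check whether a host has RDP enabled and NLA enforced, a read-only audit such as the following can be run in an elevated PowerShell session. This is an added example, not code from the article or from Microsoft; the function name `Get-RdpNlaStatus` is hypothetical, and the registry locations are the standard Terminal Server settings and their Group Policy overrides.

```powershell
# Added example: read-only audit of RDP exposure and NLA on the local host.
$tsKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdpKey = "$tsKey\WinStations\RDP-Tcp"
$polKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'

function Get-RdpNlaStatus {
    $ts  = Get-ItemProperty -Path $tsKey  -ErrorAction Stop
    $rdp = Get-ItemProperty -Path $rdpKey -ErrorAction Stop
    # Group Policy values, when present, override the local settings.
    $pol = Get-ItemProperty -Path $polKey -ErrorAction SilentlyContinue

    $nlaPolicy  = if ($pol) { $pol.UserAuthentication } else { $null }
    $denyPolicy = if ($pol) { $pol.fDenyTSConnections } else { $null }
    $nla  = if ($null -ne $nlaPolicy)  { $nlaPolicy }  else { $rdp.UserAuthentication }
    $deny = if ($null -ne $denyPolicy) { $denyPolicy } else { $ts.fDenyTSConnections }

    # SecurityLayer: 0 = RDP security layer, 1 = negotiate, 2 = TLS
    [pscustomobject]@{
        ComputerName  = $env:COMPUTERNAME
        RdpEnabled    = ($deny -eq 0)
        NlaRequired   = ($nla -eq 1)
        NlaSetBy      = if ($null -ne $nlaPolicy) { 'GroupPolicy' } else { 'Local' }
        SecurityLayer = $rdp.SecurityLayer
        Port          = $rdp.PortNumber
    }
}

$status = Get-RdpNlaStatus
$status | Format-List

if ($status.RdpEnabled -and -not $status.NlaRequired) {
    Write-Warning 'RDP is enabled without NLA: pre-authentication RDP flaws are reachable by any client that can connect.'
    # Remediation (local setting; prefer Group Policy in a domain):
    # Set-ItemProperty -Path $rdpKey -Name UserAuthentication -Value 1
}
elseif ($status.RdpEnabled) {
    Write-Output 'RDP is enabled with NLA required. NLA only raises the bar to valid credentials; the updates are still needed.'
}
else {
    Write-Output 'RDP connections are disabled on this host.'
}
```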

For its part, Microsoft told ZDNet they patched the bug Ormandy reported this month.

  • Delia Davidson