Windows RDP Remote Code Execution Vulnerability (CVE-2019-1181/CVE-2019-1182)
Aug 15, 2019 GMT+08:00
I. Overview
According to the Microsoft Security Update Guide for August, two remote code execution vulnerabilities exist in Remote Desktop Services (CVE-2019-1181/CVE-2019-1182). These vulnerabilities are pre-authentication, require no user interaction, and are "wormable": any malware that exploits them can spread from infected computers to other vulnerable computers, as was possible with the vulnerability (CVE-2019-0708) that Microsoft fixed on May 14, 2019, and as the WannaCry malware did when it spread widely in 2017.
HUAWEI CLOUD hereby reminds tenants to check their systems and apply security hardening.
Reference links:
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1181
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1182
II. Severity
Severity: important
(Severity levels: low, moderate, important, and critical)
III. Affected Products
Affected Windows versions:
Windows 7 SP1
Windows 8.1
Windows Server 2008 R2 SP1
Windows Server 2012
Windows Server 2012 R2
Windows Server 2016
Windows Server 2019
All Windows 10 versions
Secure Windows versions:
Windows XP
Windows Server 2003
Windows Server 2008
IV. Solutions
An official Microsoft patch is available. If your version is affected, update as soon as possible.
You can update automatically through Windows Update, or visit the following links to download the patch and update manually:
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1181
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1182
Other workarounds:
1. Enable network level authentication (NLA). For details, see the following link:
2. Deploy security policies on the border firewall or on the enterprise network to block access to TCP port 3389.
Note: Before fixing vulnerabilities, back up your files and conduct a thorough test.
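The two workarounds above can be checked on a host with a read-only audit like the following, an added example that is not part of the original notice or of Microsoft's guidance. It assumes the standard Terminal Server registry locations and the NetSecurity firewall cmdlets (Windows 8.1 / Server 2012 and later), and it inspects only the host firewall, so the border firewall policy still has to be verified on the device itself.

```powershell
# Added example: audit the RDP workarounds from this notice on the local host.
# Read-only; run in an elevated PowerShell session.
$ts  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$tcp = Join-Path $ts 'WinStations\RDP-Tcp'

# fDenyTSConnections = 0 means Remote Desktop connections are accepted.
$deny = (Get-ItemProperty -Path $ts  -Name fDenyTSConnections).fDenyTSConnections
# UserAuthentication = 1 means NLA is required before a session is created.
$nla  = (Get-ItemProperty -Path $tcp -Name UserAuthentication).UserAuthentication
# The listener port is configurable; do not assume 3389.
$port = (Get-ItemProperty -Path $tcp -Name PortNumber).PortNumber

# A Group Policy value, when present, overrides the local NLA setting.
$gpKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
$gpNla = (Get-ItemProperty -Path $gpKey -Name UserAuthentication `
            -ErrorAction SilentlyContinue).UserAuthentication
if ($null -ne $gpNla) { $nla = $gpNla }

# Enabled inbound allow rules that name the RDP port explicitly.
# Rules whose local port is "Any" or a range are not matched here.
$rules = Get-NetFirewallPortFilter -Protocol TCP |
    Where-Object { $_.LocalPort -contains "$port" } |
    Get-NetFirewallRule |
    Where-Object {
        $_.Enabled -eq 'True' -and
        $_.Direction -eq 'Inbound' -and
        $_.Action -eq 'Allow'
    }

# Of those, keep the rules that accept connections from any remote address.
$open = foreach ($r in $rules) {
    $remote = ($r | Get-NetFirewallAddressFilter).RemoteAddress
    if ($remote -contains 'Any') { $r.DisplayName }
}

[pscustomobject]@{
    RdpEnabled          = ($deny -eq 0)
    NlaRequired         = ($nla -eq 1)
    ListenPort          = $port
    AllowRulesAnySource = @($open)
}
```

A host that reports `RdpEnabled` as true with `NlaRequired` false, or with entries under `AllowRulesAnySource`, has not applied the corresponding workaround and should be prioritized for patching.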