
2 “Wormable” BlueKeep-Based RCE Bugs in Windows Remote Desktop Services Let Hackers Control Your System Remotely


Microsoft released new security updates for August's Patch Tuesday and fixed more than 90 vulnerabilities, including 2 BlueKeep-based “wormable” remote code execution vulnerabilities that reside in Windows Remote Desktop Services.

Like the BlueKeep RDP flaw, the two newly discovered RCE vulnerabilities (CVE-2019-1181 and CVE-2019-1182) in Remote Desktop Services are “wormable”, meaning malware that exploits them can propagate from one vulnerable computer to another without any user interaction.

Both RCE vulnerabilities were discovered by Microsoft during internal research, and no evidence has been found that they are being exploited.


The vulnerabilities affect several Windows versions, including Windows 7 SP1, Windows Server 2008 R2 SP1, Windows Server 2012, Windows 8.1, Windows Server 2012 R2, and all supported versions of Windows 10, including server versions.

Exploiting Windows Remotely Without User Interaction

These critical “wormable” RCE vulnerabilities were found in Remote Desktop Services, formerly known as Terminal Services. They allow an attacker to connect remotely to a vulnerable system using RDP and send specially crafted requests.

Since the vulnerabilities are pre-authentication and require no user interaction, an attacker can remotely exploit a vulnerable Windows system and execute arbitrary code on it.

Also, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

“Affected systems must be patched as quickly as possible because the elevated risks associated with wormable vulnerabilities are potentially dangerous, and the patch has been released to protect from ‘wormable’ malware or advanced malware threats that could exploit these RCE vulnerabilities.”

Microsoft Security Update for August

Microsoft's Patch Tuesday security release contains fixes for 93 vulnerabilities that affect various Microsoft products and services.

Of the 93 vulnerabilities, 29 are rated “Critical”, including the “wormable” Remote Desktop Services flaws and a remote code execution flaw in Microsoft Word.

Microsoft patched a total of 4 RDS flaws, including the 2 “wormable” ones (CVE-2019-1181, CVE-2019-1182, CVE-2019-1222, CVE-2019-1226), and all 4 vulnerabilities can be exploited without authentication or user interaction.

Microsoft fixed vulnerabilities that reside in the following software:

  • Microsoft Windows
  • Internet Explorer
  • Microsoft Edge
  • ChakraCore
  • Microsoft Office and Microsoft Office Services and Web Apps
  • Visual Studio
  • Online Services
  • Active Directory
  • Microsoft Dynamics

A critical RCE bug (CVE-2019-1201) in Microsoft Word, caused by improper handling of objects in memory, lets attackers send a specially crafted Word document and exploit the system without the document being opened.

Two more remote code execution vulnerabilities (CVE-2019-0720 and CVE-2019-0965), affecting Hyper-V and Hyper-V Network Switch, were also patched; they allow an authenticated user on a guest system to run arbitrary code on the host system.

Microsoft also fixed an LNK remote code execution vulnerability (CVE-2019-1188); an attacker who successfully exploited it could gain the same user rights as the local user.

Microsoft strongly recommends that all Windows users install these security updates to avoid the security risk.

Refer to the complete patch details for the full list of vulnerabilities resolved and advisories in the August 2019 Patch Tuesday release.


Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.
