Today Microsoft released a number of security fixes to address 79 vulnerabilities across multiple Microsoft products. A handful of these fixes have raised concerns in the security domain, as the flaws they address are being actively used in the wild in zero-day attacks. One in particular (CVE-2019-07) has the potential to be a global WannaCry-level event.
CVE-2019-0863 was discovered by Palo Alto Networks and PolarBear security researchers, and has been used in the wild by hackers to elevate access on compromised systems from a regular account to one with admin access.
Details about these attacks are still being kept quiet to give users more time to patch before other threat actors catch on and start abusing the same vulnerability for their own attacks. Microsoft, however, has said it addressed the issue by “correcting the way WER handles files” (WER being Windows Error Reporting), and has made fixes available for all supported Windows OS versions.
The other big one is a critical Remote Code Execution vulnerability, CVE-2019-0708, in Remote Desktop Services (formerly known as Terminal Services). This vulnerability affects Windows 7, Server 2008 R2, XP and Server 2003.
The security fix should be applied as a priority, as the wormable bug gives an unauthenticated attacker a way to gain remote code execution on vulnerable systems that have Remote Desktop Protocol enabled.
Microsoft has also taken extra steps relating to this vulnerability by deploying additional patches to Windows XP and Windows 2003, neither of which are still supported via monthly Patch Tuesday updates.
It is highly probable that this vulnerability will be exploited in the wild in the very near future, once attackers develop exploit code, which is why everyone is encouraged to patch ASAP.
Further details are available on the Microsoft Security Update Guide portal.
There are also a number of other security advisories, but the bottom line is…
Patch patch patch asap folks!