Microsoft patches two new BlueKeep-like bugs


By Dylan Bushell-Embling
Wednesday, 14 August, 2019

Microsoft has issued a set of fixes for two critical remote code execution vulnerabilities with characteristics similar to the high-profile BlueKeep vulnerability.

Like the original BlueKeep vulnerability, the two newly discovered vulnerabilities are wormable, meaning that malware using these exploits could propagate between computers without any user interaction.

Also like BlueKeep, both new vulnerabilities exist within the Remote Desktop Services component of affected versions of Windows.

They could allow an authenticated attacker to connect to a target system using Remote Desktop Protocol and send specially crafted requests that could allow them to install programs; view, change, or delete data; or create new accounts with full user rights.

But unlike BlueKeep, the new vulnerabilities impact newer operating systems, including all supported versions of Windows 10.

Also unlike BlueKeep, obsolete operating systems such as Windows XP are not affected, relieving Microsoft of the need to release another emergency patch for out-of-support operating systems.

Microsoft said it discovered the vulnerabilities itself as part of its continual efforts to strengthen the security of its products, and that it has no evidence at this time that these vulnerabilities were known to any third party.

Implementing Network Level Authentication acts as a partial mitigation, but affected systems are still vulnerable to remote code execution exploitation if an attacker has managed to secure valid credentials.

Microsoft’s disclosure came shortly after the Australian Signals Directorate issued a security alert warning that a potential exploit has been developed for the original BlueKeep vulnerability and disclosed to Metasploit.

The vulnerabilities were two of 93 vulnerabilities patched during this month’s Patch Tuesday security update releases.

Among them were 27 other critical vulnerabilities, including two other remote code execution flaws in the Remote Desktop Services component of Windows. There were also 23 other remote code execution vulnerabilities in various components, including Outlook, Word and the Chakra and VBScript scripting engines.
