Security Update:Microsoft has released security updates to address two wormable remote code execution vulnerabilities. Wormable vulnerabilities create elevated risks.
Date and Time
Microsoft has released security updates to address two wormable remote code execution vulnerabilities. Wormable vulnerabilities create elevated risks.
Advanced Users: For the full description of the vulnerabilities go to:
- Microsoft Security Blog Post: Patch New Wormable Vulnerabilities in Remote Desktop Services (CVE-2019-1181/1182)
- Microsoft Security Vulnerability Information for CVE-2019-1181
- Microsoft Security Vulnerability Information for CVE-2019-1182
- Microsoft Security Blog Post: Protect Against BlueKeep
- Microsoft Customer Guidance for CVE-2019-0708
- Windows 7 SP1
- Windows Server 2008 R2 SP1
- Windows Server 2012
- Windows 8.1
- Windows Server 2012 R2
- Windows 10
WHAT'S THE PROBLEM?
An attacker could exploit these vulnerabilities to take control of an affected system. Similar to CVE-2019-0708—dubbed BlueKeep—these vulnerabilities are considered “wormable” because malware exploiting these vulnerabilities on a system could propagate to other vulnerable systems.
WHAT DO YOU NEED TO DO?
Install the latest versions:
- If you are supported by ITFS or have different IT support, no action on your part is required.
- If you do not have IT support or they do not support your computer, please review the VU listed at the above link for update information.
- IT Security - http://it.ucsf.edu/security