[ARS] Four wormable bugs in newer versions of Windows

[Pickles von Brine]

Quote

Similar to the so-called BlueKeep vulnerability Microsoft patched in May, the four bugs the company patched on Tuesday reside in Remote Desktop Services, which allow a user to take control of a remote computer or virtual machine over a network connection. The bugs—indexed as CVE-2019-1181, CVE-2019-1182, CVE-2019-1222, and CVE-2019-1226—make it possible to for unauthenticated attackers to execute malicious code by sending a specially crafted message when a protection known as Network Level Authentication is turned off, as many administrators in large organizations often do...
...

“The vulnerabilities include the latest versions of Windows, not just older versions like in BlueKeep,” independent security researcher Kevin Beaumont told Ars. “There will be a race between organizations to patch systems before people reverse engineer the vulnerability from the patches to learn how to exploit them. My message would be: keep calm and patch.”

Windows machines that have automatic updating enabled should receive the patch within hours if they haven’t already. Installing Tuesday’s patches is the single most effective way to ensure computers and the networks they’re connected to are safe against worms that exploit the newly described vulnerabilities. For people or organizations that can’t update immediately, a good mitigation is to “enable NLA and leave it enabled for all external and internal systems,” Beaumont said in a blog post.

Source

Nasty man! This could get bad before it gets better. Luckily updates will protect you... as long as you update. Back when these wannacry vrisues were going around, I was a data recovery engineer. The shear number of drives we got in with a virus similar to was amazing. 

 

And worse, something like this could make incidents like Baltimore more commonplace. Either that, or start targeting health care, shipping and a good number of organizations slow to respond to stuff like this. 

 

Well, here is to hoping people patch. 

[Oshino Shinobu]

Looks like the same as CVE-2019-0708 which was found back in May. Loads of servers went un-patched because MS borked Event Viewer with most of the June updates. 

[Salv8 (sam)]

i saw worm and thought of this:

this be hackers when they exploit this vulnerability to gain access to some data...

[Arika]

something seems off

 

Quote

“The vulnerabilities include the latest versions of Windows, not just older versions like in BlueKeep,” independent security researcher Kevin Beaumont told Ars. “There will be a race between organizations to patch systems before people reverse engineer the vulnerability from the patches to learn how to exploit them. My message would be: keep calm and patch.”

and then straight away

Quote

Windows machines that have automatic updating enabled should receive the patch within hours if they haven’t already.

 

is it patched or not?

[mr moose]

4 minutes ago, Arika S said:

something seems off

 

and then straight away

 

is it patched or not?

For those of us who have updates on automatic are fine, for those who have them disabled or organizations with alternative update settings might need to ensure they make this update a priority.  

[Bananasplit_00]

Obligatory *laughs in Linux*

[xAcid9]

*laugh in XP inside 7 inside 10*  oh wait... *BSOD*

 

i think i received an update this morning.

[Doobeedoo]

Well shit, but patched soon though eo good. 

[williamcll]

15 hours ago, Genwyn said:

*laughs in windows vista*

Isn't Vista even more vulnerable at this point?

[The King of the Undead]

6 hours ago, Bananasplit_00 said:

Obligatory *laughs in Linux*

you beat me!

[thedude4bides]

Am I correct in assuming that to exploit these vulnerabilities the attacker would have to be on the same network as you?

[leadeater]

58 minutes ago, thedude4bides said:

Am I correct in assuming that to exploit these vulnerabilities the attacker would have to be on the same network as you?

No, if you allow internet access for RDP then anyone can from anywhere. Most home users don't port forward RDP though.

[thedude4bides]

4 minutes ago, leadeater said:

No, if you allow internet access for RDP then anyone can from anywhere. Most home users don't port forward RDP though.

Thanks.  I can't remember if I disabled that or not... although, if I didn't it was because doing so interfered with some other feature I use.  Are you saying I can use port-forwarding to mitigate somehow?

[mr moose]

12 hours ago, Bananasplit_00 said:

Obligatory *laughs in Linux*

 

I think people should consider a little more deeply before trotting out this meme,  it really doesn't mean anything in the context of the issue.  Most home users are not vulnerable because they do not have the required network settings enabled/disabled and they have automatic updates. 

 

So unless you are managing a corporate network with Linux office computers then Linux holds no advantage to laugh over.

[mr moose]

1 minute ago, thedude4bides said:

Thanks.  I can't remember if I disabled that or not... although, if I didn't it was because doing so interfered with some other feature I use.  Are you saying I can use port-forwarding to mitigate somehow?

other way around, you are only at risk if you do port forward.

[spartaman64]

22 minutes ago, mr moose said:

 

I think people should consider a little more deeply before trotting out this meme,  it really doesn't mean anything in the context of the issue.  Most home users are not vulnerable because they do not have the required network settings enabled/disabled and they have automatic updates. 

 

So unless you are managing a corporate network with Linux office computers then Linux holds no advantage to laugh over.

i think the concern is that one employee falls for a phishing email or plugs in a bad usb drive and it compromises the entire company instead of just that computer

[mr moose]

21 minutes ago, spartaman64 said:

i think the concern is that one employee falls for a phishing email or plugs in a bad usb drive and it compromises the entire company instead of just that computer

 

  Corporate clients for the most part do not use Linux.    Using Linux on a home computer is not comparable or relevant to a corporate network issue.  It would be like saying "Laughs in S3" if they discover an exploit in NVIDIA game drivers.  

[spartaman64]

1 minute ago, mr moose said:

 

  Corporate clients for the most part do not use Linux.    Using Linux on a home computer is not comparable or relevant to a corporate network issue.  It would be like saying "Laughs in S3" if they discover an exploit in NVIDIA game drivers.  

yes but the ones that do can laugh in linux  and theres the risk of your non techie parents clicking on something and getting your computer infected also

[leadeater]

2 minutes ago, spartaman64 said:

yes but the ones that do can laugh in linux  and theres the risk of your non techie parents clicking on something and getting your computer infected also

Family computers are much more of a rarity now days, most devices are personal devices and have only one person using them. The exception to that is tablets and phones when showing someone else a video, not that they are actually using the devices just viewing it.

[vanished]

I wonder how many times we will need a global event like "wannacry" before businesses and organizations realize the ironic and problematic nature of being the most lucrative targets, the most inherently vulnerable, and often the most poorly managed and updated, and actually start doing something about the last one.

[leadeater]

10 minutes ago, Ryan_Vickers said:

I wonder how many times we will need a global event like "wannacry" before businesses and organizations realize the ironic and problematic nature of being the most lucrative targets, the most inherently vulnerable, and often the most poorly managed and updated, and actually start doing something about the last one.

Never 

[mr moose]

27 minutes ago, spartaman64 said:

yes but the ones that do can laugh in linux  and theres the risk of your non techie parents clicking on something and getting your computer infected also

 

When the "laughs in Linux" is appropriate I'll join in (I have a Linux system for specific uses), but like the Torvalds giving Nvidia the middle finger, these memes are starting to get used anywhere and everywhere where it doesn't make sense.

[spartaman64]

2 minutes ago, mr moose said:

 

When the "laughs in Linux" is appropriate I'll join in (I have a Linux system for specific uses), but like the Torvalds giving Nvidia the middle finger, these memes are starting to get used anywhere and everywhere where it doesn't make sense.

i havent seen that meme in years

[mr moose]

2 minutes ago, spartaman64 said:

i havent seen that meme in years

It gets posted here a fair bit.  

 

Here it is being referenced in a thread that has absolutely nothing to do with nvidia only in may.