Four wormable bugs in newer versions of Windows need your attention now

by Dan Goodin, from Ars Technica

Microsoft is warning of four new Windows vulnerabilities that are "wormable," meaning they can be exploited to spread malware from one vulnerable computer to another without any user action, in much the way the self-replicating WannaCry and NotPetya outbreaks did in 2017.

Similar to the so-called BlueKeep vulnerability Microsoft patched in May, the four bugs the company patched on Tuesday reside in Remote Desktop Services (RDS), which allow a user to take control of a remote computer or virtual machine over a network connection. The bugs (indexed as CVE-2019-1181, CVE-2019-1182, CVE-2019-1222, and CVE-2019-1226) make it possible for unauthenticated attackers to execute malicious code by sending a specially crafted message when a protection known as Network Level Authentication is turned off, as is often done in large organizations.

In such networks, it's possible for exploits to ricochet from computer to computer. Leaving NLA on makes it harder for attacks to spread, since attackers must first have network credentials. The growing use of hacking tools such as Mimikatz, however, often enables attackers to surreptitiously obtain the needed credentials.
