If you are using Windows 7 SP1, Windows Server 2008 R2 SP1, Windows Server 2012, Windows 8.1, Windows Server 2012 R2, or any supported version of Windows 10, including server versions, you should update Windows right now. Microsoft recently alerted users that it patched two critical remote code execution (RCE) “wormable” vulnerabilities, which could have allowed hackers to spread malware to your PC and to others' PCs without your knowledge or any interaction.

Microsoft released a set of fixes for Remote Desktop Services that include two critical Remote Code Execution (RCE) vulnerabilities, CVE-2019-1181 and CVE-2019-1182. Like the previously-fixed ‘BlueKeep’ vulnerability (CVE-2019-0708), these two vulnerabilities are also ‘wormable’, meaning that any future malware that exploits these could propagate from vulnerable computer to vulnerable computer without user interaction.

Windows XP, Windows Server 2003, and Windows Server 2008 are not affected, nor is the Remote Desktop Protocol (RDP) itself affected.

These vulnerabilities were discovered by Microsoft during hardening of Remote Desktop Services as part of its continual focus on strengthening the security of its products. At this time, Microsoft has no evidence that these vulnerabilities were known to any third party.

As always, the patches for these vulnerabilities can be downloaded by opening Windows Update and selecting Check for Updates.

Security vulnerabilities, exploits, and bugs are not uncommon for Windows 10. A separate security flaw was discovered on Wednesday, August 14, which could allow hackers to infect a PC with a line of malicious code. Before that, in June, the National Security Agency also warned Americans to update Windows 10 to avoid a critical security exploit and the wormable BlueKeep vulnerability.