Yesterday (13/08/2019) Microsoft released, through its Security Response Center, a set of fixes for Remote Desktop Services in Windows 10, including fixes for two critical Remote Code Execution vulnerabilities. Both Microsoft and ourselves are urging all Windows 10 users to apply those fixes immediately!
The two critical Remote Code Execution vulnerabilities are wormable, meaning that future malware that exploits them could spread from PC to PC without ANY user interaction, quickly infecting hundreds of millions of computers around the world.
The vulnerabilities were discovered by Microsoft during their ongoing attempts to make Windows 10 (and indeed, Windows 7, 8.1 and Windows Server) more secure. It is not thought that the vulnerabilities are known to third parties, but Microsoft is still urging users to patch their systems as quickly as possible.
Which Versions of Windows Are Affected?
The affected versions of Windows are Windows 7 SP1, Windows Server 2008 R2 SP1, Windows Server 2012, Windows 8.1, Windows Server 2012 R2, and all supported versions of Windows 10, including server versions.
Windows XP, Windows Server 2003, and Windows Server 2008 are not affected, nor is the Remote Desktop Protocol (RDP) itself affected.
How To Protect Your Windows 10 PC
Step 1 – If you have Automatic Updates enabled on your computer, the fixes should already have been applied, but it is worth checking in Settings > Update & Security to see if you have any updates awaiting installation.
Step 2 – Click the Check for Updates button and wait for the search to finish and any available updates to be displayed. You will be looking for an update called “2019-08 Cumulative Update for Windows 10 Version 1903 for x64-based Systems (KB4512508)” or similar.
Step 3 – Alternatively, if you are worried that the patches haven’t been added automatically, you can go to the CVE-2019-1182 page, look for your version of Windows in the list and download the security update manually. If you are unsure which version of Windows 10 is currently running on your computer, you can find out in Settings > System > About, and then scroll down to “Windows specifications”.
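The same check can be made from a PowerShell prompt. The script below is an added example, not part of the original article: it looks for the update named in Step 2 and reports the Windows 10 version and build. Windows 10 cumulative updates are replaced by later ones, so a missing KB4512508 alone does not prove the PC is unpatched; treating "some update installed on or after the release date" as a prompt to confirm manually is an assumption of this example.

```powershell
# Added example: is the update named in Step 2 installed on this PC?
$kb       = 'KB4512508'              # from the article: Windows 10 version 1903, x64
$released = [datetime]'2019-08-13'   # release date given in the article

# ReleaseId, CurrentBuild and UBR are standard values under this key on Windows 10.
$cv      = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
$version = $cv.ReleaseId
$build   = '{0}.{1}' -f $cv.CurrentBuild, $cv.UBR

# Get-HotFix raises an error when the ID is absent, so silence it and test the result.
$hit = Get-HotFix -Id $kb -ErrorAction SilentlyContinue

# Most recently installed update of any kind (some entries carry no install date).
$latest = Get-HotFix |
    Where-Object { $_.InstalledOn } |
    Sort-Object InstalledOn |
    Select-Object -Last 1

if ($hit) {
    $status = "$kb is installed."
}
elseif ($version -ne '1903') {
    # The KB number in the article is specific to version 1903.
    $status = "$kb is for version 1903 only; find the update for version $version in the CVE-2019-1182 list."
}
elseif ($latest -and $latest.InstalledOn -ge $released) {
    # Heuristic (assumption of this example): a later update may have replaced the KB.
    $status = "$kb not listed, but $($latest.HotFixID) was installed later; confirm it is a cumulative update."
}
else {
    $status = "No update installed since $($released.ToString('yyyy-MM-dd')); run Check for Updates."
}

[pscustomobject]@{
    WindowsVersion = $version
    OSBuild        = $build
    TargetUpdate   = $kb
    LatestUpdate   = if ($latest) { $latest.HotFixID } else { 'none found' }
    LatestInstall  = if ($latest) { $latest.InstalledOn } else { $null }
    Status         = $status
}
```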