Dejablue: Vulnerabilities in Windows Remote Desktop




For the second time in a short period, Microsoft has reported particularly dangerous security vulnerabilities in the Windows Remote Desktop Services (RDS). In a blog post, the Microsoft security team calls them "wormable": they could be used by a malware worm that keeps spreading across the Internet.

In May, Microsoft had already fixed a similarly dangerous Remote Desktop bug, Bluekeep. Bluekeep, however, only affected older versions of Windows, such as Windows 7. The newly discovered vulnerabilities, fittingly called Dejablue, affect all versions from Windows 7 to Windows 10, as well as Windows Server 2008 R2 and later.

Two remote code execution holes

A total of four Remote Desktop service vulnerabilities have been closed with the latest Windows update, two of which can be used to execute code without authentication. All Windows users who use the Remote Desktop service should install the latest security updates immediately. Anyone who has Remote Desktop enabled but does not use it should disable the feature.

Microsoft also writes that enabling the Network Level Authentication (NLA) feature mitigates the impact of the vulnerabilities. With NLA, the user must authenticate with a valid user account before a remote desktop session can be opened. Without NLA, a session is opened before authentication, and the user is then presented with a login screen.

NLA has been available since Windows Vista, and regardless of the current vulnerabilities it makes sense to enable this feature. But Microsoft also advises against relying on NLA alone for the current vulnerabilities: with a valid user account, an attacker can still exploit them and thereby escalate privileges.
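The following read-only audit is an added example, not part of the original article or of Microsoft's advisory: it reports whether Remote Desktop is accepting connections on the local machine and whether NLA is required. The registry locations and value names are the standard Windows ones and are not given in the article; the helper function names are hypothetical.

```powershell
# Added example: audit the local RDP configuration. Reads only, changes nothing.
# Assumption: standard Windows registry locations; Group Policy values, when
# present, take precedence over the local Terminal Server settings.
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
$tsKey     = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdpTcpKey = "$tsKey\WinStations\RDP-Tcp"

function Get-RegValue {            # hypothetical helper
    param([string]$Path, [string]$Name)
    # Returns $null when the key or the value does not exist.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { return $item.$Name }
    return $null
}

function Get-EffectiveValue {      # hypothetical helper
    param([string]$LocalPath, [string]$Name)
    $policy = Get-RegValue -Path $policyKey -Name $Name
    if ($null -ne $policy) {
        return [pscustomobject]@{ Value = $policy; Source = 'GroupPolicy' }
    }
    [pscustomobject]@{ Value = (Get-RegValue -Path $LocalPath -Name $Name); Source = 'Local' }
}

$deny = Get-EffectiveValue -LocalPath $tsKey     -Name 'fDenyTSConnections'
$nla  = Get-EffectiveValue -LocalPath $rdpTcpKey -Name 'UserAuthentication'
$svc  = Get-Service -Name TermService -ErrorAction SilentlyContinue

# fDenyTSConnections = 0: Remote Desktop accepts connections.
# UserAuthentication = 1: NLA is required before a session is created.
$finding =
    if ($null -eq $deny.Value) { 'UNKNOWN: fDenyTSConnections not found' }
    elseif ($deny.Value -ne 0) { 'OK: Remote Desktop is disabled' }
    elseif ($nla.Value -eq 1)  { 'PARTIAL: RDP enabled, NLA required (patch anyway)' }
    else                       { 'EXPOSED: RDP enabled without NLA' }

[pscustomobject]@{
    Computer           = $env:COMPUTERNAME
    TermServiceStatus  = if ($svc) { $svc.Status } else { 'NotInstalled' }
    fDenyTSConnections = $deny.Value
    DenySource         = $deny.Source
    UserAuthentication = $nla.Value
    NlaSource          = $nla.Source
    Finding            = $finding
} | Format-List
```

A "PARTIAL" result still needs the security updates, since NLA does not stop an attacker who holds a valid account.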

Dejablue was found by Microsoft itself

Microsoft apparently discovered the vulnerabilities because, after the Bluekeep vulnerability, the Remote Desktop service had been subjected to a thorough analysis. The flaws were not discovered by external security researchers. According to Microsoft, there is no evidence that anyone outside Microsoft knows of the flaws.

With Bluekeep, there was a lot of speculation about when an exploit for the vulnerability would be ready. Some people claimed to have developed exploits, and some companies also sold them. So far, no exploit has been made public, though the development is relatively complex.

It can be assumed that there will be massive attacks on Windows systems connected to the Internet as soon as a corresponding exploit is made public. This applies both to the older Bluekeep vulnerability and to the newly discovered ones.
