Latest Microsoft Updates Patch 4 Critical Flaws In Windows RDP Client

Get your update caps on.

Microsoft today released its monthly Patch Tuesday update for September 2019, patching a total of 79 security vulnerabilities in its software, of which 17 are rated critical, 61 as important, and one moderate in severity.

Two of the security vulnerabilities patched by the tech giant this month are listed as "publicly known" at the time of release, one of which is an elevation of privilege vulnerability (CVE-2019-1235) in Windows Text Service Framework (TSF), most likely related to a 20-year-old flaw that a Google security researcher disclosed last month.

Two other vulnerabilities patched this month are reported as being actively exploited in the wild by hackers. Both are privilege elevation flaws: one resides in the Windows operating system and the other in the Windows Common Log File System Driver.

Besides these, Microsoft has released patches for four critical RCE vulnerabilities in the built-in Windows Remote Desktop Client application that could enable a malicious RDP server to compromise the client's computer, reversing the usual direction of attack, just as researchers demonstrated similar attacks against third-party RDP clients earlier this year:

  • CVE-2019-0787
  • CVE-2019-0788
  • CVE-2019-1290
  • CVE-2019-1291

Unlike the wormable BlueKeep bug, the newly patched RDP vulnerabilities are all client-side, so an attacker must trick victims into connecting to a malicious RDP server via social engineering, DNS poisoning, or a man-in-the-middle (MITM) technique.

The latest Microsoft Windows update also addresses a remote code execution vulnerability (CVE-2019-1280) in the way Windows operating system processes .LNK shortcut files, allowing attackers to compromise targeted systems.

"The attacker could present to the user a removable drive, or remote share, that contains a malicious .LNK file and an associated malicious binary. When the user opens this drive (or remote share) in Windows Explorer or any other application that parses the .LNK file, the malicious binary will execute code of the attacker's choice, on the target system," the Microsoft advisory says.

According to cybersecurity researchers at Microsoft, malicious .LNK files have recently been found in use by the Astaroth fileless malware as part of its initial attack vector, i.e., as an attachment to spear-phishing emails.

