Microsoft released its August 2019 software patch updates and there are two advisories to address a total of 94 vulnerabilities in its Windows operating systems. 26 rated as critical. According to a Lan Sweeper article:
The August 2019 Patch Tuesday security updates include patches for various supported versions of Windows and other Microsoft products, including Internet Explorer, Edge, Office, ChakraCore, Visual Studio, Online Services, and Active Directory Microsoft Dynamics.
Included in this month’s updates are two new Critical and wormable Remote Desktop Protocol (RDP) vulnerabilities that affect all versions of Windows and could be used to remotely download and install malware on vulnerable computers.
In their Patch Tuesday, Microsoft announced two new wormable Critical Remote Desktop Protocol vulnerabilities that affect all versions of Windows. ASD Confirms that “Today the BlueKeep vulnerability is readily available to cybercriminals who seek to exploit vulnerable systems en masse.” These new vulnerabilities are similar to the previous BlueKeep RDP vulnerability (CVE-2019-0708) as it is both wormable and allows for Remote Code Execution. This could allow an attacker to remotely install malware on vulnerable machines.
The vulnerabilities have been assigned CVE IDs CVE-2019-1181 and CVE-2019-1182 and are more critical than BlueKeep as they affect all in-support Windows versions, including Windows 10 and Windows Server.