This summer's hottest sequels: BlueKeep II, III, IV and V – the latest wormable RDP holes in Microsoft Windows

Microsoft, Adobe, and SAP may have just ruined more than a few summer vacation plans, thanks to a massive and critical Patch Tuesday bundle of security fixes this month.

Microsoft still struggling to close RDP coding blunders

Among the 93 CVE-listed flaws patched this month are four particularly serious remote-code execution …

  1. Anonymous Coward

    Is the lady on the beach pic a bid to get away from that hacker-in-hoodie cliche?

    Time to shut machine and go home methinks...

    1. Rob Daglish

      I can't be the only one who thought of the EEE PC lady on the beach when you said that?

      1. Prst. V.Jeltz Silver badge
        Coffee/keyboard

        That's going back some!

  2. Jigsy
    Windows

    So does disabling RDP also work, or is it still vulnerable even with RDP turned off?

    1. It's just me

      Read The Fine Article

      From the article itself: "mitigations or workarounds... turn off, or firewall off, RDP services"

      1. NetBlackOps

        Re: Read The Fine Article

        Running Server here so both for a bit of insurance. Already dead at the router.

    2. Roland6 Silver badge

      >So does disabling RDP also work

      Well yes, however, if your company is running thin desktops all using RDS to connect to a MS RDS/Terminal Server, expect your business users to quickly complain...

      1. Bronek Kozicki Silver badge

        The typical setup I'm used to in such a case is to provide users with VPN access and put RDP on the network segment accessible from VPN.

        1. Roland6 Silver badge

          @Bronek - But didn't the changes MS made to RDS with Server 2012 (?) put the VPN connection within the RDS service, ostensibly so you didn't have to run an explicit VPN client etc.? I've come across many small installations (with a single in-house LAN) where effectively people have ticked the use VPN box, changed the RDS port on the firewall to a non-standard port and off they go...

  3. Anonymous Coward

    And...

    If you have RDP exposed to the Internet, STRONGLY reconsider it. Before these patches are applied you were vulnerable.

    There are numerous options ranging from VPN (free or commercial options) to remote desktop solutions (Citrix, VMware, Parallels).

    If cost is the option, look into DirectAccess instead of unprotected RDP - at the very least you can easily deploy certificates+username to make your environment more secure from remote access vulnerabilities.

  4. Anonymous Coward

    On the bright side, these latest RDP exploits were discovered internally by MS. It would seem a waste of time now for any potential hackers to invest any real time and effort into finding the exploit when most people will be patched within the next month or two.

    1. Anonymous Coward

      Yes, because previous malware has failed to take down organisations 6+ months after MS released the patches...

  5. IT Hack
    Pint

    Patch Levels

    Don't laugh. No really.

    Just joined a Win 10 RDS shop. Not used Win10 nor Server 2019 in anger. Previously I would use the various baseline/security tools to find the patch levels pre Win10. So I searched for a MS tool for these later OS versions. Nada. Nowt. Bollocks all.

    Besides one person making a droll comment about Nessus, is there a tool out there that provides this? Am I barking up the wrong tree? In fact am I losing my mind?!

    Yes yes Linux...and mostly probably agree but MS shop.

    A (web based) pint to all who help!

  6. Anonymous Coward

    Not all are relevant to all OSes?

    There are four vulnerabilities listed in the article:- CVE-2019-1181, CVE-2019-1182, CVE-2019-1222, and CVE-2019-1226.

    However, only the first two appear to have associated updates for Windows Server 2008 R2. Does this mean that the remaining two (which have updates for Windows 10 and later only) don't affect it?

    If they're related, I'd have thought it unlikely that further vulnerabilities were introduced with later versions of Windows.

  7. Chris Watson 2

    VB6

    There are reports that this update has introduced an issue with variant arrays in the Visual Basic 6 runtime.

    https://www.askwoody.com/2019/microsoft-quietly-updates-all-of-this-months-windows-patches-warning-about-conflicts-with-visual-basic-6-vba-and-vbscript/


Biting the hand that feeds IT © 1998–2019