May 16, 2019

UPDATE NOW! Critical, remote, ‘wormable’ Windows vulnerability

By Mark Stockley

Microsoft has issued a patch for a vulnerability in its Remote Desktop Services that can be exploited remotely, via RDP, without authentication and used to run arbitrary code:

A remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests. This vulnerability is pre-authentication and requires no user interaction. An attacker who successfully exploited this vulnerability could execute arbitrary code on the target system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

It doesn’t get much worse than that.

Fixes are included for versions of Windows 7 and Windows 2008 (see the advisory for the full list) as part of Microsoft’s most recent Patch Tuesday. Patches have also been made available for versions of Windows XP and Windows 2003 (see the customer guidance for the full list).

The flaw is considered ‘wormable’, meaning that it has the potential to be used in malware that spreads by itself across and between networks.

Millions of computer networks around the world have RDP exposed to the outside world so that they can be managed not only via their local network but also across the internet. Sometimes, that external access was enabled on purpose; sometimes the exposure is an unwanted mistake – but in either case, a network where RDP can be reached from the outside is a potential gateway for an automated attack to reach a new victim.

Given the number of targets, and the potential for an explosive, exponential spread, we suggest you treat it as a matter of when, not if, the patch is reverse engineered and an exploit created, so you should update immediately. For more guidance, check out this article’s What to do? section.


Microsoft fixes Intel ZombieLoad bug with Patch Tuesday updates

By Danny Bradbury

Microsoft’s May 2019 Patch Tuesday fixed 79 vulnerabilities, 19 of which are classed as Critical. Here’s a summary of the most notable ones. 


The update fixed a processor logic flaw (CVE-2018-12130) that allows computer programs to steal each other’s data.

Discovered by researchers at the Graz University of Technology and KU Leuven, the attack is able to read data between different threads, which are separate programs running on the same physical computer core.

ZombieLoad is known as a Microarchitectural Data Sampling (MDS) vulnerability, and it shares some characteristics with Spectre and Meltdown, the two side channel attacks announced in January 2018. It is a flaw in Intel processor hardware, meaning that it affects any operating system running on x86 chips, including Windows. It uses Intel’s speculative execution feature to pilfer other programs’ data. As Microsoft explained in the note associated with the patch:

In shared resource environments (such as exists in some cloud services configurations), these vulnerabilities could allow one virtual machine to improperly access information from another.

The attack affects both desktop and server-based systems, although exploiting it isn’t trivial. Someone would need to run a malicious app on the target system.

Microsoft’s patch joins other fixes from companies including Apple and Google. It provides a software workaround until Intel fixes the bug in future processor releases. The patch probably won’t affect performance on consumer systems, said the advisory.


