Inuvika - Advisory: CVE-2019-1181 / CVE-2019-1182 RDS Vulnerabilities

Advisory: CVE-2019-1181 and CVE-2019-1182 RDS Security Vulnerabilities

Inuvika Update Regarding CVE-2019-1181 and CVE-2019-1182 (Remote Desktop Services remote code execution vulnerability)

Overview

New third party security vulnerabilities have been identified that impact multiple versions of Microsoft Windows desktop and server products. The vulnerabilities exist in Microsoft Remote Desktop Services.

This update is intended to advise Inuvika customers and partners on possible risks to OVD environments that use Microsoft Windows application servers.

Impact on OVD Enterprise

The identified issues do not directly impact OVD Enterprise service components. However, customers who use any of the following versions of supported Windows application servers within their OVD environment are encouraged to evaluate possible security risks:

  • Windows Server 2008 R2 SP1
  • Windows Server 2012 R2
  • Windows Server 2016

Additional versions of Windows desktop and server are also affected. Please refer to Microsoft’s advisory for a full list of products affected.

Inuvika continues to review the situation and will advise our customers on any direct impacts on Inuvika products or services.

Current Recommendation for OVD Enterprise Customers

Inuvika recommends that customers follow IT best practices and perform vendor recommended maintenance updates as they are released.

Customers who use Windows application servers impacted by these vulnerabilities are encouraged to apply Microsoft’s recommended security patches as quickly as possible.

After a patch is applied, verify that the component is performing as expected.

Resources

Microsoft has released patches for all affected versions of Windows Operating System. ref: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1181

Microsoft Security Response Center: Patch new wormable vulnerabilities in Remote Desktop Services (CVE-2019-1181/1182)

Inuvika Support Resources

In the News

Patch time! Microsoft warns of new worm-ready RDP bugs

Microsoft Fixes Critical Windows 10 Wormable Remote Desktop Flaws