Inuvika Update Regarding CVE-2019-1181 and CVE-2019-1182 (Remote Desktop Services remote code execution vulnerability)
Overview
New third-party security vulnerabilities have been identified that impact multiple versions of Microsoft Windows desktop and server products. The vulnerabilities exist in Microsoft Remote Desktop Services.
This update is intended to advise Inuvika customers and partners on possible risks to OVD environments that use Microsoft Windows application servers.
Impact on OVD Enterprise
The identified issues do not directly impact OVD Enterprise service components. However, customers who use any of the following versions of supported Windows application servers within their OVD environment are encouraged to evaluate possible security risks:
- Windows Server 2008 R2 SP1
- Windows Server 2012 R2
- Windows Server 2016
Additional versions of Windows desktop and server are also affected. Please refer to Microsoft’s advisory for a full list of products affected.
Inuvika continues to review the situation and will advise our customers on any direct impacts on Inuvika products or services.
Current Recommendation for OVD Enterprise Customers
Inuvika recommends that customers follow IT best practices and perform vendor-recommended maintenance updates as they are released.
Customers who use Windows application servers impacted by these vulnerabilities are encouraged to apply Microsoft’s recommended security patches as quickly as possible.
After a patch is applied, verify that the component is performing as expected.
Resources
Microsoft has released patches for all affected versions of the Windows operating system. Reference: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1181
Microsoft Security Response Center: Patch new wormable vulnerabilities in Remote Desktop Services (CVE-2019-1181/1182)
Inuvika Support Resources
In the News
Patch time! Microsoft warns of new worm-ready RDP bugs
Microsoft Fixes Critical Windows 10 Wormable Remote Desktop Flaws