On August 13th, 2019, Microsoft released a couple of patches for Remote Desktop Services to address two critical vulnerabilities: CVE-2019-1181 and CVE-2019-1182. According to the National Vulnerability Database, these CVEs carry an impact severity of 9.8 (using the CVSS v3.0 Severity calculator). In other words, these patches are critically important since malware could exploit these vulnerabilities and propagate between vulnerable computers without user interaction. These patches should be applied to Windows 7 SP1, Windows Server 2008 R2 SP1, Windows Server 2012, Windows 8.1, Windows Server 2012 R2, and all supported versions of Windows 10. At the same time, Microsoft delivered another patch, CVE-2019-1162, for Windows 10 after Google’s Project Zero identified a vulnerability which has existed within Windows for 20 years, beginning with Windows XP. According to Microsoft, an attacker who successfully exploits this vulnerability could run arbitrary code in the security context of the local system; then install programs; view, change, or delete data; or create new accounts with full user rights.
Read more in attachment here: Speed Patching.pdf (322.3 KB)