Microsoft and Adobe Fix Critical Vulnerabilities in Their Products
Microsoft released fixes for a critical Remote Code Execution vulnerability, CVE-2019-0708, in Remote Desktop Services – formerly known as Terminal Services – that affects some older versions of Windows.
In total, Microsoft patched 70 CVE-listed vulnerabilities, including 18 rated critical. The Remote Desktop Protocol (RDP) itself is not vulnerable. The vulnerability is pre-authentication and requires no user interaction.
In other words, the vulnerability is ‘wormable’, meaning that any future malware that exploits it could propagate from vulnerable computer to vulnerable computer in much the same way that the WannaCry malware spread across the globe in 2017. While Microsoft has observed no exploitation of this vulnerability, it is highly likely that malicious actors will write an exploit for it and incorporate it into their malware.
Vulnerable in-support systems include Windows 7, Windows Server 2008 R2, and Windows Server 2008. Downloads for in-support versions of Windows can be found in the Microsoft Security Update Guide.
Microsoft said that customers who use an in-support version of Windows and have automatic updates enabled are automatically protected. Windows 8 and Windows 10 users are not affected by this vulnerability, and it is no coincidence that later versions of Windows are unaffected.
There is partial mitigation on affected systems that have Network Level Authentication (NLA) enabled. These systems are mitigated against ‘wormable’ malware or advanced malware threats that could exploit the vulnerability, as NLA requires authentication before the vulnerability can be triggered.
However, affected systems are still vulnerable to Remote Code Execution (RCE) exploitation if the attacker has valid credentials that can be used to successfully authenticate.
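To see which of the cases above applies to a given machine, the following read-only audit reports whether Remote Desktop is enabled and whether NLA is required. It is an added example, not code from Microsoft or from the original article; the function names are hypothetical, and the mapping of NT version 6.0/6.1 to the Windows versions listed above is an assumption of the example.

```powershell
# Added example: read-only audit of the RDP/NLA settings on the local host.
# Sticks to PowerShell 2.0 syntax so it runs on stock Windows 7 / Server 2008 R2.

function Get-RegValue($Path, $Name) {
    # Returns the named registry value, or $null if the key or value is absent.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($item) { $item.$Name } else { $null }
}

function Get-RdpNlaStatus {
    $local  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    $policy = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'

    # A Group Policy value, when present, overrides the local setting.
    $deny = Get-RegValue $policy 'fDenyTSConnections'
    if ($deny -eq $null) { $deny = Get-RegValue $local 'fDenyTSConnections' }
    $nla = Get-RegValue $policy 'UserAuthentication'
    if ($nla -eq $null) { $nla = Get-RegValue "$local\WinStations\RDP-Tcp" 'UserAuthentication' }

    $os  = Get-WmiObject -Class Win32_OperatingSystem
    $ver = [version]$os.Version
    # Assumption: NT 6.0 / 6.1 identifies the Windows 7, Server 2008 and
    # Server 2008 R2 family that the article lists as vulnerable.
    $listed      = ($ver.Major -eq 6 -and $ver.Minor -le 1)
    $rdpEnabled  = ($deny -eq 0)   # 0 = Remote Desktop connections accepted
    $nlaRequired = ($nla -eq 1)    # 1 = NLA required before a session starts

    if (-not $listed) { $note = 'OS family not listed as vulnerable in the article' }
    elseif (-not $rdpEnabled) { $note = 'RDP is off; still install the update' }
    elseif ($nlaRequired) { $note = 'Partial mitigation only: exploitable with valid credentials; install the update' }
    else { $note = 'Reachable before authentication: install the update and require NLA' }

    New-Object PSObject -Property @{
        Computer = $env:COMPUTERNAME; OS = $os.Caption; Version = $os.Version
        RdpEnabled = $rdpEnabled; NlaRequired = $nlaRequired; Assessment = $note
    }
}

Get-RdpNlaStatus | Format-List
```

The script changes nothing on the host; it reports settings only and does not check whether the security update itself is installed.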
How to Install?
Just go to Settings -> Update and Security -> Windows Update -> Check for updates on your computer, or you can install the updates manually.
Adobe Patches 87 Security Vulnerabilities
Adobe also fixed 87 security vulnerabilities in its products, including Adobe Acrobat, Reader and Flash Player for Windows, macOS, Linux and Chrome OS.
These updates address critical and important vulnerabilities. Successful exploitation could lead to arbitrary code execution in the context of the current user.
Users need to update their software packages to the updated versions released by Adobe.