“Wormable” Bug Could Enable Another WannaCry

Written by

Microsoft released fixes for 79 unique vulnerabilities yesterday, including 22 critical bugs — one of which could be used to spread malware around the globe.

Microsoft detailed the potential impact of CVE-2019-0708 in a separate blog post on Tuesday.

This is a flaw in Remote Desktop Services (RDS) which could allow an attacker to remotely execute arbitrary code on a target system after connecting using RDP.

Even worse, according to Microsoft, the bug is “wormable,” meaning that “any future malware that exploits this vulnerability could propagate from vulnerable computer to vulnerable computer in a similar way as the WannaCry malware spread across the globe in 2017.”

“While we have observed no exploitation of this vulnerability, it is highly likely that malicious actors will write an exploit for this vulnerability and incorporate it into their malware,” Microsoft warned.

Although the bug affects older operating systems — Windows 7, Windows Server 2008 R2 and Windows Server 2008 — it should be patched ASAP. Microsoft is even making fixes available for out-of-support versions XP and Windows 2003, such is the potential threat.

“CVE-2019-0708 should be the highest priority patching because, in addition to the wormable capabilities in this exploit, many modern ransomware variants, such as Dharma, Robbinhood, and CrySIS, often use vulnerable RDP servers to gain access to victim networks,” argued Recorded Future senior solutions architect, Allan Liska. “This vulnerability will make that process even easier.”

Elsewhere, IT admins should also fix a zero-day flaw (CVE-2019-0863), which is being exploited in the wild and has also been publicly disclosed, meaning other hackers could use it in their own attacks. It’s an elevation-of-privilege vulnerability in the way Windows Error Reporting handles files, which allows an attacker to gain kernel mode access to a victim system.

In addition, a publicly disclosed vulnerability in Skype for Android (CVE-2019-0932) could enable an attacker to snoop on conversations without a victim’s knowledge.

What’s hot on Infosecurity Magazine?