Microsoft finds two new wormable vulnerabilities in Remote Desktop Devices

The new vulnerabilities, CVE-2019-1181 and CVE-2019-1182, are wormable, like the recently fixed BlueKeep vulnerability. This means that any future malware that exploits these vulnerabilities can propagate from one vulnerable system to another without any user interaction.

According to Microsoft, the following versions of Windows are affected by the newly discovered vulnerabilities:

Windows 7 SP1
Windows Server 2008 R2 SP1
Windows Server 2012
Windows 8.1
Windows Server 2012 R2
All supported versions of Windows 10, including server versions.

The previously patched BlueKeep vulnerability also exists in RDP, which is used by Windows operating systems, including both 32- and 64-bit versions and Service Pack versions. Microsoft’s Detection and Response Team said that BlueKeep can cause large-scale outbreaks like WannaCry and Conficker. The team had made some important recommendations to mitigate that risk.