Security Bulletin: Remote Desktop Services Vulnerability

Microsoft recently announced a pair of Windows 10 Remote Code Execution vulnerabilities, CVE-2019-1181 and CVE-2019-1182. These vulnerabilities allow cybercriminals to obtain remote control of a computer over a network connection. Microsoft discovered the vulnerabilities during routine testing of Windows 10, which allowed them to publish the required security updates and notify the public at the same time. Currently, there are no known exploits by cybercriminals, and the risk of exploitation is low for the near term.

Guidance

Systems Engineering recommends patching your workstations and servers to address this and any future vulnerabilities. Our clients who use an in-support version of windows and subscribe to IT Essentials, Network Security, Endpoint Security, or Network Monitoring (servers only) services, are receiving the patch as part of their regular patching schedule. For those who do not have one of our patching services, it is recommended you push the patch independently.

For more information, contact your Systems Engineering Account Manager.