by danseagrave on 8/14/19, 6:51 PM with 27 comments
by enzanki_ars on 8/14/19, 7:39 PM
Slightly more technical information from Wired: https://www.wired.com/story/dejablue-windows-bugs-worm-rdp/
TL;DR: Remote Code Execution via RDP on all windows versions, including 7 and 10.
Wired Quote:
> "Microsoft today warned Windows users of seven new vulnerabilities in Windows that, like BlueKeep, can be exploited via RDP, a tool that lets administrators connect to other computers in a network. Of those seven bugs, Microsoft's advisory emphasized that two are particularly serious; like BlueKeep, they could be used to code an automated worm that jumps from machine to machine, potentially infecting millions of computers."
> "Unlike BlueKeep, however, the new bugs—half-jokingly named DejaBlue by security researchers tracking it—don't merely affect Windows 7 and earlier, as the earlier RDP vulnerability did. Instead, it affects Windows 7 and beyond, including all recent versions of the operating system."
by Someone1234 on 8/14/19, 7:49 PM
To quote the CVE:
> Disable Remote Desktop Services if they are not required.
#
> Block TCP port 3389 at the enterprise perimeter firewall
If you're using a VPN or RD Gateway which have been best practice for tens of years, you're already insulated. I'd still patch but outside of business hours.
by AstralStorm on 8/15/19, 6:15 AM
They were testing it for corporate users...
by hermitdev on 8/14/19, 8:09 PM