Vulnerabilities Affecting Microsoft Computers

Vulnerability Summaries

Microsoft CTF protocol - Elevation of Privilege Vulnerability (CVE-2019-1162)

On August 13, 2019, Microsoft released a fix for a publicly disclosed elevation of privilege vulnerability in its CTF protocol (CVE-2019-1162). CTF is part of the Windows Text Services Framework (TSF), the subsystem that handles text input (keyboard layouts, input methods and language services) for Windows and for Windows applications. Any application running as any user, including sandboxed processes, can connect to any CTF session. A connecting client is expected to report its thread ID, process ID and other identifying information, but nothing verifies these values, so a malicious client can simply lie. An attacker who hijacks another application’s CTF session can send that application commands while posing as the CTF server, a role the application trusts because it is normally filled by the Windows OS. The attacker can use this to read data from other applications or to issue commands in their name; if a targeted application runs with higher privileges than the attacker, those actions can lead to full control of the victim’s computer. Exploitation requires the attacker to already be running code on the machine, so this is a local privilege escalation, not a remote attack.

What’s Vulnerable?

  • Windows 10
  • Windows 7
  • Windows 8/8.1
  • Windows Server 2008
  • Windows Server 2008 R2
  • Windows Server 2012
  • Windows Server 2012 R2
  • Windows Server 2016
  • Windows Server 2019
  • Windows Vista
  • Windows XP

Remote Desktop Services - Remote Code Execution (RCE) vulnerabilities (CVE-2019-1181, CVE-2019-1182)

On August 13, 2019, Microsoft released fixes for two critical vulnerabilities in its Remote Desktop Services (CVE-2019-1181 and CVE-2019-1182). Both are ‘wormable’: malware that exploits them could spread from one vulnerable computer to another without any user interaction. Both flaws are reachable before authentication and require no user interaction, so an attacker who can reach the Remote Desktop service over the network (TCP port 3389 by default) and successfully exploits either one can execute arbitrary code on the target system. The attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Requiring Network Level Authentication (NLA) forces an attacker to authenticate before the vulnerable code can be reached and is a partial mitigation for systems that cannot be patched immediately, but it does not replace the update.

What’s Vulnerable?

  • Windows 10
  • Windows 7
  • Windows 8/8.1
  • Windows Server 2008 R2
  • Windows Server 2012 R2
  • Windows Server 2016
  • Windows Server 2019

What To Do

Managed university-owned computers (MESA): ITS has patched all managed computers joined to MESA. ITS recommends restarting your computer to ensure the patches take effect.

Unmanaged computers (non-MESA): If your computer is not managed by ITS, it may be exposed to these vulnerabilities. ITS recommends that you run Windows Update on your system and restart once the updates are installed.

Windows Update patch information can be found here:
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1162
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1181
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1182
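For an unmanaged computer, the following PowerShell script is a quick way to confirm the state described above. It is an added example written for this page, not part of the ITS advisory and not a Microsoft tool. It assumes an elevated PowerShell prompt; the KB numbers for your Windows build are not on this page, so look them up on the MSRC advisory pages linked above and pass them in. The parameter name -RequiredKBs, the release-date cutoff and the registry checks are the script's own choices.

```powershell
<#
  Added example (not part of the ITS advisory, not a Microsoft tool).
  Run from an elevated PowerShell prompt on an unmanaged (non-MESA) Windows host.
  Checks: updates installed since the 2019-08-13 release, optional specific KBs,
  Remote Desktop exposure (enabled? NLA required?) and whether a reboot is pending.
  The KB IDs are NOT on this page: take them for your build from the MSRC advisory
  links above and pass them via -RequiredKBs (an assumed parameter name).
#>
param(
    [string[]]$RequiredKBs = @()   # e.g. -RequiredKBs 'KB<id from MSRC>'
)

$releaseDate = Get-Date '2019-08-13'   # day these fixes shipped
$os = Get-CimInstance Win32_OperatingSystem
Write-Host ("OS: {0} (build {1})" -f $os.Caption, $os.BuildNumber)

# 1. Has any update at all been installed on or after the release date?
$hotfixes = Get-HotFix
$recent   = $hotfixes | Where-Object { $_.InstalledOn -and $_.InstalledOn -ge $releaseDate }
if ($recent) {
    Write-Host "Updates installed on/after $($releaseDate.ToShortDateString()):"
    $recent | Sort-Object InstalledOn | Format-Table HotFixID, Description, InstalledOn -AutoSize
} else {
    Write-Warning "No updates installed since $($releaseDate.ToShortDateString()). Run Windows Update."
}

# 2. Specific KBs for this build, if the caller supplied them.
foreach ($kb in $RequiredKBs) {
    if ($hotfixes.HotFixID -contains $kb) { Write-Host "$kb is installed" }
    else { Write-Warning "$kb is NOT installed" }
}

# 3. Remote Desktop exposure (relevant to CVE-2019-1181 / CVE-2019-1182).
$ts  = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$tcp = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
$rdpEnabled  = ($ts.fDenyTSConnections -eq 0)
$nlaRequired = ($tcp.UserAuthentication -eq 1)
if ($rdpEnabled) {
    if ($nlaRequired) {
        Write-Host "Remote Desktop enabled; NLA required (partial mitigation until patched)"
    } else {
        Write-Warning "Remote Desktop enabled WITHOUT NLA: reachable pre-authentication. Patch, or require NLA."
    }
} else {
    Write-Host "Remote Desktop connections are disabled on this host"
}

# 4. Pending reboot: the patches are not fully applied until the machine restarts.
$rebootKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\RebootPending'
)
if ($rebootKeys | Where-Object { Test-Path $_ }) {
    Write-Warning "A reboot is pending. Restart to finish applying updates."
} else {
    Write-Host "No pending reboot"
}
```

Get-HotFix reads Win32_QuickFixEngineering, which can omit some updates, so treat the Settings > Update & Security > View update history page as authoritative if the two disagree. If the script reports Remote Desktop enabled without NLA and the host cannot be patched right away, requiring NLA (Set-ItemProperty on the same RDP-Tcp key, UserAuthentication = 1) reduces exposure until the update is installed; it is not a substitute for the patch.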

References:

Information about the vulnerability can be found here:
https://msrc-blog.microsoft.com/2019/08/13/patch-new-wormable-vulnerabilities-in-remote-desktop-services-cve-2019-1181-1182/

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1162