Windows 10 update sandbags your PC for worms

Chris Burns - Aug 14, 2019, 12:19 pm CDT

There’s a security patch for Windows 10 out right this minute that you’re going to want to take the time to download. This piece of software aims to stop some new wormable* RDP vulnerabilities. It’s bad news, and you should patch the flaw using the relatively simple process Microsoft provides for updating the various versions of Windows 10.

UPDATE 2: The term “sandbagging” refers to the placing of bags of sand at key points around a location vulnerable to flooding. Here in Fargo, North Dakota, sandbagging is often necessary in the spring due to massive buildup of snow over the winter which then melts and creates the potential for flash flooding. Skillful sandbagging allows one to divert disaster.

The vulnerability can be exploited over RDP – remote desktop protocol – without any direct interaction from the user! The attacker’s RDP message is sent to Windows 10’s RDS (remote desktop services, formerly Windows Terminal). From there, once successfully installed, the attacker’s software can pretty much take over – install more software, change basically anything, delete whatever they’d like, control the computer with full user rights – you know, just the worst possible set of abilities a malicious software entity can have.

Microsoft urged users this week to update as soon as possible for all versions of Windows, including Windows 10 of all sorts, Windows 7 SP1, Windows Server 2008 R2 SP1, Windows Server 2012, Windows 8.1, and Windows Server 2012 R2. As noted by Microsoft this week, the most recent patches should fix vulnerabilities CVE-2019-1181/1182 as well as the earlier BlueKeep vulnerability, CVE-2019-0708.

*Wormable is an interesting word that, as I was informed today, is not as commonly used as I suspected. The word wormable can mean many things. In this case, wormable is a word having to do with computing, specifically to do with a (likely malicious) software bug. If a bug or flaw is wormable, it’s capable of being turned into a network worm. A network worm is a piece of software that can replicate itself to spread to multiple computers connected by digital means. The most fun example of a network worm shown in recent pop culture is a sort-of worm (virus, in this case) shown in Wreck-It Ralph 2: Ralph Breaks the Internet.

Microsoft suggested that they found these vulnerabilities recently whilst doing some “hardening” of Remote Desktop Services – for security purposes. “At this time, we have no evidence that these vulnerabilities were known to any third party,” said Simon Pope, Director of Incident Response, Microsoft Security Response Center (MSRC).

You can get these updates through the standard Windows Update settings – OR you can head over to Microsoft’s CVE-2019-1182 list for direct software patch downloads from Microsoft.
