NIC-CERT/2019-08/EA-1
Dated: 14-08-2019
CVE ID: CVE-2019-0708, CVE-2019-9506, CVE-2019-0736, CVE-2019-1188, CVE-2019-0720, CVE-2019-0965
Severity: Critical

Advisory for Critical Microsoft Vulnerabilities

On 13-Aug-2019 Microsoft released patches for some highly critical vulnerabilities in Windows OS, which can be exploited by attackers to execute arbitrary code without requiring any user interaction, similar to the EternalBlue exploit which was used to spread the WannaCry ransomware. These vulnerabilities are highly critical and action should be taken immediately to avoid any security compromise.

Details of Vulnerabilities

CVE-2019-0708: This vulnerability is referred to as the BlueKeep vulnerability. It can be exploited by an unauthenticated attacker who connects to a target system through RDP using specially crafted requests. It requires no user interaction for exploitation. An attacker who successfully exploited this vulnerability could execute arbitrary code on the target system. BlueKeep primarily affects older versions of Windows OS such as XP, Vista, 7, Server 2003 and Server 2008. The patch for this vulnerability was released in May 2019.

CVE-2019-9506: This is a key negotiation vulnerability at the hardware specification level for all Bluetooth Classic devices. It could allow an attacker within Bluetooth range to negotiate the offered key length down to 1 byte of entropy, from a maximum of 16 bytes, thus interfering with the device's transmissions.

CVE-2019-0736: This vulnerability exists in the DHCP client and impacts every supported Microsoft OS. The flaw could allow code execution if an attacker sends a specially crafted packet to an affected client. No user interaction or authentication is required to exploit this vulnerability.

CVE-2019-1188: This vulnerability involves the parsing of LNK files (i.e., shortcuts). It could allow an attacker to automatically run a malicious binary against a target, and it can spread inside a network through file shares.

CVE-2019-0720 and CVE-2019-0965: These 2 vulnerabilities are related to Hyper-V and Hyper-V Network Switch. By exploiting these vulnerabilities, an authenticated user on a guest system can run arbitrary code on the host system.

Recommended Action

- Immediately apply the latest updates/patches on all machines (i.e., desktops, laptops, servers, etc.) running Windows OS.
- Disable Remote Desktop Services and other services which are not being used, and block RDP port 3389 at the perimeter level.
- If RDP is required, enable Network Level Authentication (NLA) and restrict RDP access to VPN IPs only.
- Ensure that the OS, firmware and other software packages are updated with the latest updates/patches.
- Before rolling out the updates/patches in a production environment, it is highly recommended to test them in a staging environment for any issues.

References

1. https://msrc-blog.microsoft.com/2019/08/13/patch-new-wormable-vulnerabilities-in-remote-desktop-services-cve-2019-1181-1182
2. https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708
3. https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1182
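
A read-only check of the host-side RDP settings named under Recommended Action (RDP enabled, NLA required, port 3389 listening), as an added example that is not part of the NIC-CERT advisory. It assumes Windows PowerShell 3.0 or later run locally on the host being checked; the output field names and finding texts are this example's own.

```powershell
# Added example: read-only audit of the RDP settings named in the advisory.
# Assumes Windows PowerShell 3.0+ run locally on the host being checked.
$tsKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdpKey = "$tsKey\WinStations\RDP-Tcp"
$polKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'

$ts  = Get-ItemProperty -Path $tsKey
$rdp = Get-ItemProperty -Path $rdpKey
$pol = Get-ItemProperty -Path $polKey -ErrorAction SilentlyContinue

# fDenyTSConnections = 0 means Remote Desktop connections are accepted.
$rdpEnabled  = ($ts.fDenyTSConnections -eq 0)
# UserAuthentication = 1 means Network Level Authentication is required.
$nlaRequired = ($rdp.UserAuthentication -eq 1)
$port        = $rdp.PortNumber   # 3389 unless it has been changed

# Values set through Group Policy take precedence over the local ones.
if ($pol -and $null -ne $pol.fDenyTSConnections) { $rdpEnabled  = ($pol.fDenyTSConnections -eq 0) }
if ($pol -and $null -ne $pol.UserAuthentication) { $nlaRequired = ($pol.UserAuthentication -eq 1) }

# Is anything actually listening on the RDP port (IPv4 or IPv6)?
$listening = [bool](netstat -an | Select-String -Pattern ":$port\s+\S+\s+LISTENING")
$service   = Get-Service -Name TermService

# Map the observed state onto the advisory's recommended actions.
$findings = @()
if ($rdpEnabled -and -not $nlaRequired) {
    $findings += 'RDP is enabled without NLA: enable NLA, or disable RDP if unused.'
}
if ($listening) {
    $findings += "TCP port ${port} is listening: block it at the perimeter and restrict RDP to VPN IPs."
}

# One summary object per host, suitable for Export-Csv when run across a fleet.
[pscustomobject]@{
    ComputerName  = $env:COMPUTERNAME
    RdpEnabled    = $rdpEnabled
    NlaRequired   = $nlaRequired
    RdpPort       = $port
    PortListening = $listening
    TermService   = $service.Status
    Findings      = $findings -join ' '
}
```

An empty Findings field only covers the host-side settings; patch level and the perimeter block on port 3389 still need to be verified separately.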
