In May 2019 Microsoft released updates for a critical vulnerability in Microsoft Remote Desktop Services (RDS) referenced as CVE-2019-0708, also known as “BlueKeep”. Updates cover a number of versions of Microsoft Windows, including unsupported versions of the operating system. Yesterday, Microsoft published additional updates addressing newly discovered critical vulnerabilities in RDS referenced as CVE-2019-1181 and CVE-2019-1182. These vulnerabilities affect all currently supported versions of Microsoft operating systems.
These vulnerabilities are considered “wormable,” meaning it presents a risk of a large-scale outbreak due to its ability to replicate and propagate, similar to Conficker and WannaCry. Canadian businesses and individuals using the Microsoft Windows operating system should immediately update their systems to protect themselves against potential compromise.
The Cyber Centre previously published alert notices on our website:
For further information, please visit Microsoft’s Security Response Centre here.
We have notified Government of Canada partners and critical infrastructure owners of risks posed by these vulnerabilities and the recommended actions to take. We will continue to post cyber alerts and keep Canadians informed.
As always, we recommend implementing the Top 10 IT Security Actions to protect against cyber-security breaches. The Top 10 help minimize intrusions or the impacts to a network if a successful cyber intrusion occurs.
Andre Boucher,
Associate Head, Canadian Centre for Cyber Security
