I Have just received this warning through, is anyone able to advise on how safe Team Viewer is for remote accessing, is it IP to IP address safe? DejaBlue Windows Remote Desktop Services RCE Vulnerabilities CC-3176 [HIGH SEVERITY] HTTP/2 Denial-of-Service Vulnerabilities CC-3181 VBShower Backdoor CC-3177 Saefko Remote Access Trojan CC-3174 Vendor Security Updates DejaBlue Windows Remote Desktop Services RCE Vulnerabilities CC-3176 Published to ISP 14/08/2019 Microsoft has released details of four remote code execution vulnerabilities, collectively referred to as DejaBlue, affecting Remote Desktop Services (RDS, formally Terminal Services) on their Windows and Windows Server operating systems. They claim that an unauthenticated remote user could exploit these vulnerabilities to gain control of affected systems. The vulnerabilities occur as a result of RDS improperly handling user requests. An attacker could exploit these by sending specifically crafted request to an affected system. If successful, they could then execute arbitrary code on the system. As these vulnerabilities occur pre-authentication, they can be classed as 'wormable' and could be used to create malware that is able to propagate without requiring user interaction. Please note that Remote Desktop Protocol (RDP), the protocol used by RDS, is itself not impacted by these vulnerabilities. Affected Platforms Microsoft Windows - Versions 7 SP1, 8.1 and 10 (all variants) Microsoft Windows Server - Versions 2008 R2 SP1, 2012, 2012 R2, 2016 and 2019 (all variants) Users and administrators are encouraged to review the following Microsoft update advisories, available on the Information Sharing Portal, and apply the necessary updates: CVE-2019-1181: RDS Remote Code Execution Vulnerability CVE-2019-1182: RDS Code Execution Vulnerability CVE-2019-1222: RDS Remote Code Execution Vulnerability CVE-2019-1226: RDS Remote Code Execution Vulnerability Organisations unable to fully remediate these vulnerabilities are encouraged to use the following additional mitigation guidance: Disabling RDS mitigates this vulnerability. Enabling Network Level Authentication (NLA) on systems running supported editions of Windows 7, Windows Server 2008, and Windows Server 2008 R2 stops unauthenticated attackers from exploiting this vulnerability. If an attacker can authenticate to RDS then an exploit is still possible. Additionally, organisations can consider the following steps to help detect and prevent attacks using RDP: Only allow point-to-point connections from specific IP addresses where feasible. Ensure Transport Layer Security (TLS) is up-to-date. Log and monitor all RDP activity and investigate unusual behaviour. Consider only allowing RDP for authorised virtual private network (VPN) connections.
... View more