Just Another Patch Tuesday? NCSC Stops Another WannaCry, Adobe Hits 83, and WhatsApp Hits Zero
Well. It has been a busy week for CVEs. First we we had the WhatsApp Zero day (CVE-2019–3568) and then CVE-2019–0708 (Remote Desktop Services Remote Code Execution Vulnerability). Adobe’s Patch Tuesday included patches for Flash and Acrobat/Reader (83 vulnerabilities):
For Microsoft, Patch Tuesday included the RDP patch within its 79 vulnerabilities, of which 22 were defined as critical. This mainly included critical patches for cripting engines and browsers (18), and also for remote code execution (RCE) in Remote Desktop, DHCP Server, GDI+, and Word.
CVE-2019–0708
The RDP vulnerability allows an attacker to craft an RDP request and gain privileged access to a machine. The vulnerability was found by National Cyber Security Centre (NCSC), and which identified that a worm — could be spread using RDP. It affects systems such as Windows 7, Windows Server 2008 R2, and Windows Server 2008. If exploited this could cause another WannaCry-type infection. One of the most impressive things here is that the NCSC is open about the zero-day vulnerabilty, and is not saving…
