Microsoft is warning of a new trio of Windows vulnerabilities that are “wormable,” meaning these vulnerabilities can be exploited to spread malware from one vulnerable computer to another without any user action in much the way the self-replicating WannaCry and NotPetya outbreaks did in 2017.
Similar to the so-called BlueKeep vulnerability Microsoft patched in May, the three bugs the company patched on Tuesday reside in Remote Desktop Services, which allow a user to take control of a remote computer or virtual machine over a network connection. The bugs—indexed as CVE-2019-1181, CVE-2019-1182, and CVE-2019-1222—make it possible to for unauthenticated attackers to execute malicious code by sending a specially crafted message when a protection known as Network Level Authentication is turned off, as many administrators in large organizations often do.
In such networks, it’s possible for exploits to ricochet from computer to computer. Leaving NLA on makes it harder for attacks to spread, since attackers must first have network credentials. The growing use of hacking tools such as Mimikatz, however, often enables attackers to surreptitiously obtain the needed credentials.