Archived Content
In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.Microsoft Releases Security Updates to Address Remote Code Execution Vulnerabilities
Last Revised
Microsoft has released security updates to address two remote code execution vulnerabilities, CVE-2019-1181 and CVE-2019-1182, in the following operating systems:
- Windows 7 SP1
- Windows Server 2008 R2 SP1
- Windows Server 2012
- Windows 8.1
- Windows Server 2012 R2
- Windows 10
- Windows Server 2016
- Windows Server 2019
An attacker could exploit these vulnerabilities to take control of an affected system. Similar to CVE-2019-0708—dubbed BlueKeep—these vulnerabilities are considered “wormable” because malware exploiting these vulnerabilities on a system could propagate to other vulnerable systems.
The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and users and administrators to review the following resources and apply the necessary updates:
- Microsoft Security Blog Post: Patch New Wormable Vulnerabilities in Remote Desktop Services (CVE-2019-1181/1182)
- Microsoft Security Vulnerability Information for CVE-2019-1181
- Microsoft Security Vulnerability Information for CVE-2019-1182
- Microsoft Security Blog Post: Protect Against BlueKeep
- Microsoft Customer Guidance for CVE-2019-0708
This product is provided subject to this Notification and this Privacy & Use policy.