August 15, 2019
On August 13, 2019, Microsoft released a set of fixes for Remote Desktop Services that includes fixes for two critical Remote Code Execution (RCE) vulnerabilities, CVE-2019-1181 and CVE-2019-1182. Like the previously fixed ‘BlueKeep’ vulnerability (CVE-2019-0708), these two vulnerabilities are ‘wormable’, meaning that any future malware that exploits them could propagate from vulnerable computer to vulnerable computer without user interaction. These vulnerabilities could impact Keysight products that use the Windows 7, Windows Embedded Standard 7 (WES7), Windows 10 or Windows 10 IoT Enterprise 2016 LTSB operating systems. A Service Bulletin with more information on the vulnerabilities is available from Microsoft.
As of August 15, 2019, Keysight is unaware of any active exploits of these vulnerabilities but, as a precaution, strongly recommends that all products based on Windows 7, WES7, Windows 10 or Windows 10 IoT Enterprise 2016 LTSB be updated with the latest Microsoft security patches. Updates can be performed using the Windows Update capability found on your product, or by downloading the appropriate update directly from the Microsoft Security Update Guide and installing it manually.
For additional questions, please contact Keysight.