If you are using Windows 7 SP1, Windows Server 2008 R2 SP1, Windows Server 2012, Windows 8.1, Windows Server 2012 R2 or Windows 10, stop what you’re doing now, and update your system immediately!
The named Windows versions contain four critical remote code execution vulnerabilities in Remote Desktop Services, which are similar to the recently patched BlueKeep vulnerability.
Microsoft's security team discovered all four vulnerabilities on its own. CVE-2019-1181, CVE-2019-1182, CVE-2019-1222, and CVE-2019-1226 can be exploited without authentication, allowing remote attackers to take control of a vulnerable system without any user input.
Like the BlueKeep vulnerability, all four of the new ones are wormable, which means that malware can use them to spread from one system to another automatically.
The first two vulnerabilities affect all of the Windows versions listed above. The other two (CVE-2019-1222 and CVE-2019-1226) affect only Windows 10 and Windows Server editions.
Microsoft has stated that they have found no evidence that the vulnerabilities are known to any third party.