A set of vulnerabilities has been disclosed by Microsoft that affects all currently supported versions of Windows Server including 2008 R2, 2012, 2012 R2, 2016, and 2019. These vulnerabilities affect the Remote Desktop service and may allow an attacker to gain control over an affected server and use it to steal data, interfere with services, or propagate malware.  All current versions of Windows for desktop computers are also affected.  Microsoft has indicated these vulnerabilities are severe and very likely to be exploitable in the near future without user interaction.

Microsoft has confirmed that Windows XP, Server 2003 and Server 2008 are not affected.  Linux distributions, such as CentOS, Debian, and Ubuntu, are not affected.

This vulnerabilities are not exploitable if you do not have the Remote Desktop service enabled, however it is enabled by default on servers and it is the most common method for managing a Windows server.

These vulnerabilities have been assigned CVE entries:

• CVE-2019-1181
• CVE-2019-1182

Microsoft published the following articles which contain additional information:

• CVE-2019-1181
• CVE-2019-1182

It is recommended that any affected customers immediately run Windows Update and restart the server after updates have been installed successfully.  The following updates are required to resolve the vulnerabilities:

• Windows Server 2019: Build 17763.678 (KB4511553)
• Windows Server 2016: Build 14393.3144 (KB4512517)
• Windows Server 2012 R2: KB4512488 (Full update) or KB4512489 (Security only)
• Windows Server 2012: KB4512518 (Full update) or KB4512482 (Security only)
• Windows Server 2008 R2: KB4512506 (Full update) or KB4512486 (Security only)

See the following sections for directions on how to install updates for supported Windows server versions. If you have any questions or need assistance performing these upgrades, please contact us and we'll be happy to help.

Windows Server 2016 & 2019

To install this update on Windows Server 2016 or 2019, follow these steps:

1. Click on the "Start" Windows icon
2. Click on the "Settings" gear icon
3. Click on "Updates & security"
4. Click on "Check for updates" if the button is visible, or skip to the next step if you see "Updates are available" instead
5. Make sure there is an update called "2019-08 Cumulative Update for Windows Server" with one of the following in the name:
   • KB4511553 (Server 2019)
   • KB4512517 (Server 2016)
6. Click on "Install now"
7. Once the updates have installed, follow the prompts to restart your server

If there is no matching update listed in step 5, you may need to first install all other updates, restart your server, then return to the Windows Update screen until the update is available.

Windows Server 2008 R2, 2012, & 2012 R2

To install this update on Windows Server 2008 R2, 2012, or 2012 R2, follow these steps:

1. Click on the "Start" Windows icon
2. Type "Windows Update" while the menu is open
3. Click on the "Windows Update" icon
4. Click on "Check for updates" on the left
5. When update checking is complete, click on the "important updates are available" text
6. Make sure there is an update called "2019-08 Security Monthly Quality Rollup for Windows Server" with one of the following in the name:
   • KB4512506 (Server 2008 R2)
   • KB4512518 (Server 2012)
   • KB4512488 (Server 2012 R2)
7. If the update is not checked, click the checkbox to check it
8. Click "OK"
9. Click "Install updates"
10. Once the updates have installed, follow prompts to restart your server

If there is no matching update listed in step 6, you may need to first install all other updates, restart your server, then return to the Windows Update screen until the update is available.