Security Alert: August 2019 Critical Microsoft Vulnerabilities
On August 13, Microsoft announced critical remote desktop vulnerabilities that allow remote code execution without authentication or user-interaction (meaning attackers can send specially crafted exploit traffic to any vulnerable UMN device on the network). Another critical vulnerability could be used to escalate user privileges. This privilege escalation vulnerability affects all versions of Windows since Windows XP.
What should you do?
IT administrators should implement emergency patching processes immediately. Please review the updated advisory (PDF) for detailed and comprehensive technical information.
Everyone should run Windows updates on personal computers and University devices as soon as possible. Contact your local IT staff for help running updates on University-affiliated computers.
This threat situation is still evolving. The University may have to block Remote Desktop if the risk appears great enough.