The two new critical vulnerabilities discovered by Microsoft, named CVE-2019-1181 and CVE-2019-1182, allow an attacker to remotely install malware into the target system and take control of it. The malware then spreads to other vulnerable computers on the same network.

Data from the information security department showed that over 22,000 computers in the country are using Remote Desktop Protocol.

If these computers have yet to install the latest security patches, they are vulnerable to attacks and can spread the malware to other computers on a shared network.

Microsoft released the security updates for these two vulnerabilities on August 13. It also announced other vulnerabilities, including CVE-2019-1222, CVE-2019-1223 and CVE-2019-1224, for remote desktop services, coupled with equivalent security updates.

The department highly recommended State agencies, companies and organizations quickly install security updates to protect data and avoid cyber attacks.

They were also advised to restrict the use of remote desktop services. If the program needs to be run, users should follow multiple security measures, such as using powerful passwords, using a VPN and restricting accounts that can access their computers. SGT