Outdated Windows systems vulnerable to BlueKeep exploit
In recent weeks there has been a significant rise in exploitation attempts targeting devices vulnerable to BlueKeep, the vulnerability tracked as CVE-2019-0708.
BlueKeep is a critical Remote Code Execution (RCE) vulnerability in Remote Desktop Services (RDS) and was first reported in May 2019. It is ‘wormable’, meaning it could be used to spread malware without authentication or user interaction. It therefore has the potential to create incidents similar to the WannaCry ransomware attack of 2017.
As of November 2019, it is estimated that 500,000 systems could still be exposed to BlueKeep, despite Microsoft releasing patches for the vulnerability shortly after its discovery in May.
The National Security Agency and Microsoft have stressed the importance of running system updates and have advised everyone to immediately apply patches to the following affected versions of Windows:
• Windows XP, Windows Vista, Windows 7
• Windows Server 2003, Windows Server 2008, Windows Server 2008 R2
Please ensure that you or your Managed Service Provider have upgraded to the most recent version as soon as possible. Legacy operating systems pose a serious security risk, since the more outdated systems become, the less likely manufacturers are to support them with security patches.
Besides upgrading systems, the following additional measures should also be taken:
• Block TCP port 3389 at your firewalls, as this port is used by the Remote Desktop Protocol. This will deny any attempts to establish a connection.
• Enable Network Level Authentication (NLA). This means an attacker would first have to authenticate to RDS before they could exploit the vulnerability.
• Disable RDS if it is not needed to reduce exposure to vulnerabilities overall.
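To confirm on a given machine whether the measures above are in effect, an administrator can read the relevant settings directly. The script below is an added example, not part of the original advisory or Microsoft's guidance; the function names `Get-RdpSetting` and `Test-RdpExposure` are made up for illustration, and it only reads settings, changing nothing.

```powershell
# Added example (not from the advisory): read-only check of local RDP settings.
# Uses only registry reads, Get-Service and netstat, so it runs on PowerShell 2.0.
function Get-RdpSetting([string]$Name) {
    # A Group Policy value, when present, takes precedence over the local one.
    $paths = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services',
             'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server',
             'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
    foreach ($p in $paths) {
        $item = Get-ItemProperty -Path $p -Name $Name -ErrorAction SilentlyContinue
        if ($item -ne $null) { return $item.$Name }
    }
    return $null   # not configured anywhere
}

function Test-RdpExposure {
    $deny = Get-RdpSetting 'fDenyTSConnections'   # 1 = RDP connections refused
    $nla  = Get-RdpSetting 'UserAuthentication'   # 1 = NLA required
    $port = Get-RdpSetting 'PortNumber'           # listener port
    if ($port -eq $null) { $port = 3389 }

    $status = 'NotInstalled'
    $svc = Get-Service -Name TermService -ErrorAction SilentlyContinue
    if ($svc) { $status = $svc.Status.ToString() }

    # Matches IPv4 and IPv6 listener lines in netstat output.
    $listening = [bool](netstat -an | Select-String -Pattern ":$port\s+\S+\s+LISTENING")

    $findings = @()
    if ($deny -ne 1) {
        $findings += 'RDP connections are allowed: disable RDS if it is not needed'
        if ($nla -ne 1) { $findings += 'NLA is not required: enable it' }
    }
    if ($listening) {
        $findings += "Listener active on TCP ${port}: confirm the firewall blocks it"
    }

    New-Object PSObject -Property @{
        Computer      = $env:COMPUTERNAME
        RdpAllowed    = ($deny -ne 1)
        NlaRequired   = ($nla -eq 1)
        Port          = $port
        ServiceStatus = $status
        Listening     = $listening
        Findings      = $findings
    }
}

Test-RdpExposure | Format-List
```

The script reports only the machine's own configuration; whether TCP port 3389 is blocked at the perimeter still has to be verified on the firewall itself.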
For those who use the affected versions of Windows, links to critical patches are contained within the Security Guidance Advisory link from Microsoft here:
For additional guidance and insurance solutions contact Bullerwell & Co Ltd today.