The National Security Agency (NSA) and the Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) have both called upon Windows administrators to immediately install Microsoft’s patch for the BlueKeep flaw.
BlueKeep, also known as CVE-2019-0708, is a Remote Code Execution (RCE) vulnerability in Windows’ Remote Desktop Services.
According to Microsoft:
“An attacker who successfully exploited this vulnerability could execute arbitrary code on the target system … [and] install programs; view, change, or delete data; or create new accounts with full user rights.”
BlueKeep is also ‘wormable,’ which means that any malware that exploits this vulnerability can spread from one vulnerable PC to another without user interaction (similar to WannaCry).
The following Microsoft Windows versions have the BlueKeep vulnerability:
- Windows 7
- Windows Server 2008 R2
- Windows Server 2008
- Windows XP
- Windows Server 2003
Windows 8 and Windows 10 do not have the BlueKeep vulnerability. There’s no patch for Windows Vista, so you must disable Remote Desktop Protocol (RDP) completely (ESET).
Not Sure if Your PCs are Secure From BlueKeep and Other Potential Exploits?
The NSA is warning that even though Microsoft has released a patch for BlueKeep, “potentially millions of machines are still vulnerable.” In addition to the patch, the NSA is also advising IT administrators to implement the following steps:
- Block TCP port 3389 at your firewalls. RDP uses this port, so blocking it stops any attempt to establish a connection.
- Implement Network Level Authentication. This is an RDP feature that will force “attackers to have valid credentials to perform remote code authentication.”
- Disable Remote Desktop Services if you do not require them. The goal is to disable any unused or unnecessary service and, in turn, reduce your exposure to cyber risk.
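The read-only PowerShell audit below is an added example, not code from the NSA, Microsoft or this article. It reports how a single host stands against the three steps above, reading the standard Windows Terminal Server registry values (`fDenyTSConnections`, `UserAuthentication`, `PortNumber`); the function and variable names are illustrative, and it sticks to PowerShell 2.0 features so it also runs on Windows 7 and Server 2008 R2.

```powershell
# Added example: read-only audit of the RDP mitigations listed above. Changes nothing.
$ts  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdp = "$ts\WinStations\RDP-Tcp"
$gpo = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'

function Get-RegValue($Path, $Name) {
    # Returns $null when the key or value is absent instead of throwing.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($item) { $item.$Name } else { $null }
}

function Get-Effective($Name, $LocalPath) {
    # A Group Policy value, when present, overrides the local setting.
    $v = Get-RegValue $gpo $Name
    if ($v -ne $null) { return $v }
    Get-RegValue $LocalPath $Name
}

$deny = Get-Effective 'fDenyTSConnections' $ts    # 1 = RDP connections refused
$nla  = Get-Effective 'UserAuthentication' $rdp   # 1 = NLA required
$port = Get-RegValue $rdp 'PortNumber'
if ($port -eq $null) { $port = 3389 }             # default RDP port

# Service state via WMI (Get-Service has no start mode on PowerShell 2.0).
$svc = Get-WmiObject Win32_Service -Filter "Name='TermService'"

# Locale-independent check for a listener on the RDP port.
$ipProps   = [System.Net.NetworkInformation.IPGlobalProperties]::GetIPGlobalProperties()
$listening = @($ipProps.GetActiveTcpListeners() | Where-Object { $_.Port -eq $port }).Count -gt 0

$findings = @()
if ($deny -ne 1) {
    # A missing value is reported too, so an unknown state is never read as safe.
    $findings += 'RDP connections are allowed; disable Remote Desktop if this host does not need it.'
    if ($nla -ne 1) { $findings += 'Network Level Authentication is not required.' }
}
if ($listening) {
    $findings += "TCP $port is listening; confirm your firewalls block this port."
}

New-Object PSObject -Property @{
    Computer         = $env:COMPUTERNAME
    RdpAllowed       = ($deny -ne 1)
    NlaRequired      = ($nla -eq 1)
    Port             = $port
    Listening        = $listening
    ServiceStartMode = $svc.StartMode
    Findings         = $findings
}
```

The script does not check whether the patch itself is installed, so an empty `Findings` list is not a substitute for patching.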
If possible, the DHS recommends that IT administrators phase out legacy versions of Windows, especially those operating systems no longer supported by Microsoft (e.g., XP and Vista).
Fortunately, unlike with WannaCry, the NSA and DHS warnings are an example of the cybersecurity community getting out ahead of a potential threat.
However, the fact that the US Government is issuing the warning through the NSA indicates that the possibility of an attack is real. We strongly recommend that companies alert their IT teams to implement the patch and the steps outlined above.
Need Support Managing Your Business’ IT Assets?
We also realize that securing your IT assets against BlueKeep and potential threats in the future may be difficult for small businesses. In this case, you can continue focusing on your core tasks by delegating your cybersecurity challenges to an experienced managed IT services provider.
Buchanan IT’s full-service, one-stop-shop approach to managing your IT ensures that your PCs are never left vulnerable to BlueKeep and other potential exploits. Contact us today to audit your PCs and other IT assets and protect yourself from costly cyber attacks.