Skip to main content

Beware of BlueKeep

By: James Azar

As June kicks off, many Microsoft users will have to wake up and take action, fast. It’s now almost three weeks after Microsoft released the security patch against the wormable BlueKeep and up to 1 million Windows systems are still unpatched.

We are assuming that the users either didn’t hear about the patch, don’t know how to patch or are simply aren’t aware of the potential threat of BlueKeep, so are basically ignoring the patch advice from Microsoft.

Microsoft are not playing this vulnerability down and that, in and of itself, should be a huge red flag to everyone.

Let’s just say, in terms of potential chaos, that BlueKeep is going to equal and possible outdo the damage of Wannacry and NotPetya.

What is BlueKeep?

BlueKeepis the name for a critical security vulnerability, known to the more techy as CVE-2019–0708. It can instigate self-replicating wormmalwarewhich has been discovered to be as destructive as the 2017 WannaCry attackwhich shut computers down worldwide to the tune of millions of dollars in damages.

Which computers are affected?

This affects computers that use older versions of the Microsoft Windows operating system. The BlueKeep vulnerability has a wide-ranging ability to affect multiple editions of Windows including 2003, XP, Windows 7, Windows Server 2008 and 2008 R2 editions and has the potential to go for other unauthorized servers.

What is wormable?

The BlueKeep vulnerability has been described as ‘wormable’ meaning that it could allow malware to spread to vulnerable systems. The security firm Errata Security found that approximately 950,000 publicly accessed machines, including both organizations, such as systems in HMOs and local government organizations, along with individual users are highly vulnerable to BlueKeep. This would apply especially to those that keep a lower tech, and don’t update their systems on a regular basis. 

Graham, a tech guru from Errata Security stated “Hackers are likely to figure out a robust exploit in the next month or two and cause havoc,” Greynoise intelligence also chimed in, pointing out that not only the researchers but hackers have been targeting vulnerable windows operating systems, internet wide with malware. Basically, the patch success for BlueKeep, is on a very tight deadline.

What can be done to mitigate this vulnerability?

1. Reconfigure Remote Desktop Protocol (RDP): If your company needs RDP, avoid exposing it to the public. Use computers on LAN, or via a VPN, to establish a remote session. Another recommendation is to use a firewall, whitelisting a specific IP range. The security of your remote sessions can be further improved by using multi-factor authentication.

2. Disable RDP: Microsoft have advised companies to disable RDP until the latest patches are applied. In fact, they have suggested to only enable the RDP when it is being used.

3. Patch and Enable:If you or your company run a supported version of Windows update to the latest, meanwhile you should really just enable the automatic updates. If it is unsupported, just download the patches and apply.

4. Use a reliable multi-layered security solution:this can help spot and mitigate the attacks from the network level and downward.

For more on BlueKeep and other cybersecurity news, check out the CyberHub Engage Podcast.