Almost a million systems are reportedly vulnerable to BlueKeep (CVE-2019-0708), a critical vulnerability in remote desktop services. Microsoft’s Patch Tuesday for May already rolled out patches for BlueKeep, and security advisories were released to help users address the vulnerability. Other vendors have also issued their own patches for mission-critical systems and servers (e.g., ATMs) that need to be constantly run or cannot be rebooted.
The estimate was based on an internet scan of publicly accessible systems susceptible to BlueKeep. Errata Security’s Robert Graham used scanning tools to search for devices whose port 3389, which remote desktop protocol (RDP) uses by default, is exposed. After filtering the search results, Graham found around 950,000 internet-facing systems vulnerable to BlueKeep.
BlueKeep affects Windows Server 2008 and Windows 7, as well as end-of-support Windows Server 2003 and Windows XP.
[InfoSec Guide: Remote Desktop Protocol (RDP)]
BlueKeep made headlines given the significant security risk it poses. For one, exploiting BlueKeep does not require user interaction. BlueKeep is also “wormable,” which means threats exploiting this vulnerability can propagate similar to the way attackers used the EternalBlue exploit to infect systems with the notorious WannaCry and Petya/NotPetya.
For critical and high-profile vulnerabilities like BlueKeep, it is a race against time. While there have been no reports of active, in-the-wild attacks, it’s only a matter of time before attackers incorporate a BlueKeep exploit into their malware. In fact, Graham’s report came on the heels of recent news of anomalous activities that security researchers observed to be actively scanning the internet for Windows systems vulnerable to BlueKeep. Security researchers have already come up with proofs of concept and demonstrated working exploits, albeit partially.
Opportunistic attackers and cybercriminals often use an organization’s window of exposure to a vulnerability to compromise its network and the systems connected to it. Here are some best practices that can help users and enterprises reduce their exposure to threats that may exploit BlueKeep:
Like it? Add this infographic to your site:
1. Click on the box below. 2. Press Ctrl+A to select all. 3. Press Ctrl+C to copy. 4. Paste the code into your page (Ctrl+V).
Image will appear the same size as you see above.