I have this horrible feeling that the only way we’re going to wake the world up to the need to patch their ageing versions of Windows against the BlueKeep vulnerability is to wait until a malicious worm begins to spread around the world.
For those who haven’t been following the security news over the last few weeks, BlueKeep (technically known by the unglamorous name of CVE-2019-0708) is a vulnerability in the Windows 7, Windows XP, Server 2003 and 2008 versions of Remote Desktop Protocol (RDP).
Some estimates suggest that despite Microsoft releasing a patch on May 14, almost one million vulnerable PCs are connected to the internet, and potentially open to exploitation.
Microsoft is clearly concerned, having taken the unusual step of issuing patches for old versions of Windows which it no longer officially supports, and publishing reminders on its blog for users to take action.
The NSA is clearly concerned, urging administrators and users to patch in a press release and distributing a security advisory.
And the UK’s National Cyber Security Centre is clearly concerned. The NCSC, part of GCHQ, privately reported the vulnerability to Microsoft in the first place, and have said that BlueKeep “poses a serious threat” and recommended that organisations and individuals apply their security patches as soon as possible.
In the back of many people’s mind is the WannaCry ransomware outbreak, which struck hard in May 2017, despite patches having already been pushed out by Microsoft.
No-one wants another attack like that. Make sure your computers are patched and secured now.
You may also want to consider the following additional measures suggested by the NSA:
Block TCP Port 3389 at your firewalls, especially any perimeter firewalls exposed to the internet. This port is used in RDP protocol and will block attempts to establish a connection. Enable Network Level Authentication. This security improvement requires attackers to have valid credentials to perform remote code authentication. Disable remote Desktop Services if they are not required. Disabling unused and unneeded services helps reduce exposure to security vulnerabilities overall and is a best practice even without the BlueKeep threat.
For more discussion on the BlueKeep vulnerability and its possible exploitation be sure to check out this episode of the “Smashing Security” podcast:
Smashing Security #131: 'Zap yourself from the net, and patch now against BlueKeep'
Listen on Apple Podcasts | Spotify | Pocket Casts | Other... | RSS
More episodes...
I've seen the mitigation suggestion to disable RDP, but no specific instructions on how to do that.
What is the best practice here? Setting the control panel service for Remote Desktop Services to Disabled? A Registry Key somewhere? Group Policy?
http://lmgtfy.com/?q=How+to+disable+RDP