BlueKeep – everyone agrees, you should patch PCs running legacy versions of Windows


I have this horrible feeling that the only way we’re going to wake the world up to the need to patch their ageing versions of Windows against the BlueKeep vulnerability is to wait until a malicious worm begins to spread around the world.

For those who haven’t been following the security news over the last few weeks, BlueKeep (technically known by the unglamorous name of CVE-2019-0708) is a vulnerability in the Remote Desktop Protocol (RDP) implementation shipped with Windows 7, Windows XP, Server 2003 and Server 2008.

Some estimates suggest that despite Microsoft releasing a patch on May 14, almost one million vulnerable PCs are connected to the internet, and potentially open to exploitation.


Microsoft is clearly concerned, having taken the unusual step of issuing patches for old versions of Windows which it no longer officially supports, and publishing reminders on its blog for users to take action.

The NSA is clearly concerned, urging administrators and users to patch in a press release and distributing a security advisory.

And the UK’s National Cyber Security Centre is clearly concerned. The NCSC, part of GCHQ, privately reported the vulnerability to Microsoft in the first place, and have said that BlueKeep “poses a serious threat” and recommended that organisations and individuals apply their security patches as soon as possible.

In the back of many people’s minds is the WannaCry ransomware outbreak, which struck hard in May 2017, despite patches having already been pushed out by Microsoft.

No-one wants another attack like that. Make sure your computers are patched and secured now.

You may also want to consider the following additional measures suggested by the NSA:

  • Block TCP port 3389 at your firewalls, especially any perimeter firewalls exposed to the internet. RDP listens on this port, so blocking it stops attempts to establish a connection from outside.
  • Enable Network Level Authentication (NLA). NLA requires a user to authenticate before a Remote Desktop session is established, so an attacker would need valid credentials to reach the vulnerable code.
  • Disable Remote Desktop Services if they are not required. Disabling unused and unneeded services helps reduce exposure to security vulnerabilities overall and is a best practice even without the BlueKeep threat.
For more discussion on the BlueKeep vulnerability and its possible exploitation, be sure to check out this episode of the “Smashing Security” podcast: Smashing Security #131: 'Zap yourself from the net, and patch now against BlueKeep'.
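The three NSA measures above (patch, require NLA, disable RDP and block the port) translate into a handful of registry values, a service and a firewall rule. The script below is an added example, not code from the original post or from the NSA advisory; it assumes Windows 7 / Server 2008 R2 with the built-in PowerShell 2.0 (hence netsh rather than the newer NetSecurity cmdlets), an elevated session, and a KB number you look up yourself for your Windows version (the `KBxxxxxxx` value is a placeholder).

```powershell
# Added example: audit a legacy host for BlueKeep exposure, then optionally harden it.
$tsKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdpKey = "$tsKey\WinStations\RDP-Tcp"

function Get-BlueKeepExposure {
    param([string]$KbId = 'KBxxxxxxx')   # placeholder: use the May 14 2019 KB for your OS
    # fDenyTSConnections=1 disables Remote Desktop; UserAuthentication=1 requires NLA.
    $rdpOn   = (Get-ItemProperty $tsKey).fDenyTSConnections -eq 0
    $nlaOn   = (Get-ItemProperty $rdpKey).UserAuthentication -eq 1
    $patched = [bool](Get-HotFix -Id $KbId -ErrorAction SilentlyContinue)
    # Is anything actually listening on 3389? Parse netstat (works on PowerShell 2.0).
    $listen  = [bool](netstat -an | Select-String 'TCP\s+\S+:3389\s+\S+\s+LISTENING')
    New-Object PSObject -Property @{
        Host = $env:COMPUTERNAME; Patched = $patched; RdpEnabled = $rdpOn
        NlaRequired = $nlaOn; Port3389Listening = $listen
        TermService = (Get-Service TermService).Status
    }
}

function Invoke-BlueKeepHardening {
    param([switch]$RequireNla, [switch]$DisableRdp)
    if ($RequireNla) {
        # The flaw is reachable before a session is authenticated; NLA puts the
        # credential check in front of it, so only a valid account gets that far.
        Set-ItemProperty $rdpKey -Name UserAuthentication -Value 1 -Type DWord
    }
    if ($DisableRdp) {
        # Turn RDP off, stop and disable its service, and block the port on the host
        # firewall so a later flip of the registry value does not silently re-expose it.
        Set-ItemProperty $tsKey -Name fDenyTSConnections -Value 1 -Type DWord
        Stop-Service TermService -Force
        Set-Service TermService -StartupType Disabled
        netsh advfirewall firewall add rule name="Block inbound RDP 3389" dir=in action=block protocol=TCP localport=3389 | Out-Null
    }
}

# Report first; change settings only after reviewing the output.
Get-BlueKeepExposure | Format-List
# Invoke-BlueKeepHardening -RequireNla   # RDP is needed here, but require NLA
# Invoke-BlueKeepHardening -DisableRdp   # RDP is not needed on this host
```

A host that reports RdpEnabled=True, NlaRequired=False and Patched=False is exactly the exposed configuration the post is warning about; note that blocking 3389 on the host itself is only appropriate when RDP is being switched off, while the NSA's perimeter-firewall block protects hosts that still need RDP internally.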


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

2 comments on “BlueKeep – everyone agrees, you should patch PCs running legacy versions of Windows”

1. Greg Neumarke

   I've seen the mitigation suggestion to disable RDP, but no specific instructions on how to do that.
   What is the best practice here? Setting the control panel service for Remote Desktop Services to Disabled? A registry key somewhere? Group Policy?

   1. Me · in reply to Greg Neumarke

      http://lmgtfy.com/?q=How+to+disable+RDP
