Serious Remote Desktop Vulnerability: BlueKeep

BlueKeep Exploit

There has been yet another serious vulnerability discovered in Microsoft Windows that is such a serious threat that Microsoft has not only released patches for their currently supported operating systems, but they have also released an "emergency patch" for Windows XP, which has been retired for several years now.  The potential impact and widespread damage have been predicted to parallel or even exceed the Wannacy Virus, which we wrote about back in 2017, when it was spreading around the world like a wildfire:  https://www.pj-networks.com/2017/05/wannacry-ransomware-virus-what-you-need-to-know/

The official name for this new vulnerability is CVE-2019-0708, and it has been given the common name of the "BlueKeep vulnerability".   It uses Microsoft's Remote Desktop Connection (RDP) protocol to allow an unauthorized and unauthenticated attacker to connect into a system that has RDP enabled and initiate a remote code execution that will gather user names and passwords from a compromised system, then send that information back to the hackers.   Once the hackers have the login credentials for other users on the network, they can then use that information to gain access to systems that are fully patched and not vulnerable to BlueKeep.

The systems that are vulnerable to the BlueKeep exploit are Windows XP, Windows 7, Windows Server 2003, Windows Server 2008.  Newer versions of Windows are not vulnerable to this exploit, but keep in mind that it only takes ONE system getting infected on an entire network to potentially compromise all of the system credentials and allow hackers into the rest of the network.  This exploit is considered to be so dangerous that Microsoft has even released a patch for it for the retired operating systems Windows XP, Vista and Server 2003, which you can download from here:  https://support.microsoft.com/en-us/help/4500705/customer-guidance-for-cve-2019-0708

If you currently use any of those retired OS versions, we strongly recommend that you download the appropriate patch from that website and install it as soon as possible.  The patch for currently supported operating systems (Windows 7, Server 2008) is available by running Windows Update and installing all of the available critical security updates.

If you would like to read more about this major Windows vulnerability, these articles can provide more information:

It is always a good idea to check your Windows updates every week or two to make sure that your computer is fully patched, but you also want to be careful; sometimes Microsoft releases "batch patches" (especially for Windows 10) that can cause a system to boot up to a blue screen and become unusable.  So, as a general rule, if you wait a full week after Microsoft has released an update, there is a good chance that if there was a problem with it, a replacement patch was released to replace the bad one.   Generally speaking, "Patch Tuesday", the day that Microsoft releases their monthly batch of updates, will be the second Tuesday of any given month, so if you manually update your computer during the last week of the month, you have a pretty good chance of avoiding any bad security updates or patches that may have been released earlier in the month.

However, if a company wants to allow secure Remote Desktop connections into their business without opening up potentially vulnerable firewall ports to and from the outside Internet, then one of the recommended solutions is to implement an SSL or IPsec VPN solution, which allows remote users to connect into a remote VPN connection first, which gives them access to the business network as if they were sitting in the office working.  From there, they can connect into their work computers using RDP without any exposure to the outside world.   Such a VPN solution encrypts all traffic that flows between the remote user and the local network, meaning that even if a hacker gained access to the data being transmitted, they wouldn't be able to decipher it.

That's about all for now.  As always, if you update your Windows system regularly and manually check for Windows Updates at least once each month, you will not be at risk for the vast majority of the viruses, hacks and ransomware that keep flowing out into the world in a never-ending stream.  If you do get hit with ransomware or some other form of nasty virus, PJ Networks will be here, ready to assist you and help you to recover from whatever damage you might have suffered.  Having complete, regular systems backups to recover from is the best way to help insure a full recovery.

This can be a dangerous world, both on and off of the internet.  Let's be careful out there!

      -The PJ Networks Team

Call Now Button(434) 975-0122