Security experts are warning users and organizations to patch a critical Remote Desktop Services vulnerability CVE-2019-0708 dubbed “Bluekeep” affecting Windows systems.
The patch for CVE-2019-0708 was rolled out as part of Microsoft’s May patch release, but could be only a matter of time before attackers develop exploit code that could have a wide impact.
Microsoft warned about the “wormable” threat in a blog post last Tuesday:
“This vulnerability is pre-authentication and requires no user interaction. In other words, the vulnerability is ‘wormable’, meaning that any future malware that exploits this vulnerability could propagate from vulnerable computer to vulnerable computer in a similar way as the WannaCry malware spread across the globe in 2017. While we have observed no exploitation of this vulnerability, it is highly likely that malicious actors will write an exploit for this vulnerability and incorporate it into their malware.”
One security expert Kevin Beaumont came up with the nickname “BlueKeep” in a tweet saying the bug is as “secure as the Red Keep in Game of Thrones, and often leads to a blue screen of death when exploited.”
Johannes B. Ullrich, Dean of Research at SANS Technology Institute, also urged users to patch the flaw and provided some sound guidance for organizations to mitigate the short term risks and be proactive with long term fixes.
Ullrich warned in blog post that attackers can exploit the vulnerability without authentication and can lead to arbitrary code execution. Also, way too many organizations have systems exposing Remote Desktop Protocol (RDP) to the internet. Not to mention, older operating systems (such as Windows XP, Windows 7 and Server 2003 / 2008) are also affected by the bug.
Ullrich also encouraged organizations to take up longer term fixes, such as upgrading from Windows 7 to Windows 10 OS and upgrade servers off of 2008 to newer server OS. Also, limit/isolate use of RDP in your environment.
“Eliminating RDP may be difficult for some organizations. But you can at least isolate it by requiring a VPN to connect to it, or by taking advantage of an RDP gateway supporting SSL,” Ullrich writes.
Microsoft also provided patches for the older Windows XP and Server 2003 OS, even though they have long been unsupported.