Microsoft recently released a fix for a critical Remote Code Execution vulnerability, CVE-2019-0708, in Remote Desktop Services that affects older versions of Microsoft Windows. Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7 and Windows Server 2008 R2 are all vulnerable to the bug called “BlueKeep.”
According to the first Microsoft announcement, the flaw “is ‘wormable’, meaning that any future malware that exploits this vulnerability could propagate from vulnerable computer to vulnerable computer in a similar way as the WannaCry malware spread across the globe in 2017.”
An update to the initial announcement stated “if recent reports are accurate, nearly one million computers connected directly to the internet are still vulnerable to CVE-2019-0708. Many more within corporate networks may also be vulnerable. It only takes one vulnerable computer connected to the internet to provide a potential gateway into these corporate networks, where advanced malware could spread, infecting computers across the enterprise.”
The NSA even issued an advisory to administrators and users, urging them to patch legacy versions of Windows given the volume of potential victims of, for example, DoS exploits. The advisory further states, “It is likely only a matter of time before remote exploitation tools are widely available for this vulnerability. NSA is concerned that malicious cyber actors will use the vulnerability in ransomware and exploit kits containing other known exploits, increasing capabilities against other unpatched systems.”
WTSP 10 News interviewed Brian Jack, KnowBe4’s Chief Information Security Officer. “This is something that would allow the hacker to take full control of your computer, without you knowing, to do things like turn on your webcam and watch you or listen to you or read your email or do anything they want, as if they were sitting right there on your computer,” said Jack. “You would have no idea they were there.”
In the video below Brian explains how to install the Microsoft Windows BlueKeep patch.
Many organisations, especially smaller ones, still run legacy versions of Windows servers that affect production, making this patch mission critical. That could include smaller banks which may have ATMs that are at risk without the patch. On someone’s personal computer, Jack warns hackers could get in and hold their files hostage or steal their financial information.
Here is the full guide to installing the patch on each operating system from Microsoft support: https://support.microsoft.com/en-us/help/4500705/customer-guidance-for-cve-2019-0708