BlueKeep flaw might still be affecting older Windows versions

by Ugnius Kiguolis - -

NSA is urging users to patch BlueKeep vulnerability before it leads to malicious attacks

BlueKeep flaw might still be affecting older Windows versions' users

It has already been two times when Microsoft notified Windows users about the importance of patching the BlueKeep flaw,[1] also recognized as the CVE-2019-0708 vulnerability.[2] However, this flaw can still be found on Windows computers, increasing the risk of serious cyber attacks, such as WannaCry,[3] Bad Rabbit or NotPeya which were initiated in the past by a similar vulnerability named EternalBlue.[4]

These three viruses are considered to be one of the most prevalent threats which are related to huge losses worldwide. WannaCry, Bad Rabbit and Petya launched numerous attempts against their victims in the past for swindling the money and similar aims.

Nowadays, the United States National Security Agency (NSA) is shouting out about the necessity of patching the BlueKeep flaw as it might lead to such or similar cyber attacks. According to experts, this vulnerability was found in older variants of the Windows, such as Windows Vista, Windows XP, Windows Server 2003, Windows Server 2008, and Windows 7.

The main target of BlueKeep vulnerability is the Remote Desktop Protocol (RDP). The most dangerous thing about this flaw is that it is capable of generating the self-distributing payload.

Specialists: one million computers are found to be at risk

During the security research, computer experts discovered that about one million of Windows computers related to the risk of BlueKeep. This number might be even bigger if the specialists would have had all the possibilities to scan all computers. However, after the second Microsoft warning to patch this flaw, system admins were not able to keep up with all the updates as fast as they should have.

Specialists are warning all users about potential danger and are trying to show them the importance of patching BlueKeep. Those who don't take care of this flaw properly will run into these issues:

  • putting the computer system in danger of being infected by serious malware;
  • losing all data stored on the system as the most frequent viruses using similar vulnerabilities are ransomware;
  • infecting the entire network and losing data stored on it.

To patch the flaw, users need to download security updates that are provided by Microsoft.[5]

NSA released an advisory on security measures for the flaw patching

Continuously, NSA has also released an advisory on how to deal with BlueKeep vulnerability.[6] Authorities from this organization are strongly advising all users to follow patches provided by Microsoft and also take additional security measures. The more the people are involved in this worldwide safety operation, the smaller the risk of malicious attempts via BlueKeep will be.

Some other prevention tips on malicious RDP attempts:

  1. Block TCP Port 3389 at their firewalls. This is extremely important for those people who have firewalls exposed to the Web as the port prevents accessing details about particular connections.
  2. Deactivate remote Desktop Services if they are not necessary. Users should disable all services that they are not using anymore as this decreases the risk of facing malicious attempts via security flaws.
  3. Opt for Network Level Authentication which will harden the infiltration process for cybercriminals. Such safety measure asks for valid credit card details if a person wants to remotely launch code or run specific activities.

About the author

Ugnius Kiguolis
Ugnius Kiguolis - The mastermind

Ugnius Kiguolis is a professional malware analyst who is also the founder and the owner of 2-Spyware. At the moment, he takes over as Editor-in-chief.

Contact Ugnius Kiguolis
About the company Esolutions

References


Your opinion regarding BlueKeep flaw might still be affecting older Windows versions

Files
Software
Compare
Like us on Facebook