What you need to know about the Bluekeep vulnerability
Microsoft warns 1 that a new vulnerability in Windows® Remote Desktop Services (RDS) (also known as Terminal Services) has been discovered for many Windows® Operating Systems which requires no user interaction to lead to a security breach. If you are running on one of these Operating Systems, it has Remote Desktop enabled, and it can be remotely logged into using Remote Desktop Protocol without first logging into a Virtual Private Network (VPN), it may mean it could become infected without the user doing anything at all.
Affected Windows® Operating Systems
- Windows Server® 2003
- Windows Server® 2008
- Windows Server® 2008 R2
- Windows® XP
- Windows® Vista
- Windows® 7
How many systems are potentially impacted?
The US Government published that, “potentially millions of machines are still vulnerable.” 2 This particular vulnerability is so widespread and potentially dangerous that Microsoft has released special Out of Band patches for Windows® XP and Windows Server® 2003.
What Microsoft Windows® security patches are available?
- Windows® XP / Windows Server® 2003 – Security Patch KB4500331 (this patch must manually be downloaded from Microsoft and installed)
- Windows® Vista / Windows Server® 2008 – Security Patch KB4499180 (this patch must manually be downloaded from Microsoft and installed) OR Monthly Rollup KB4499149 (this patch is available through Windows® Automatic Update)
- Windows® 7 / Windows Server® 2008 R2 – Security Patch KB4499175 (this patch must manually be downloaded from Microsoft and installed) OR Monthly Rollup KB4499164 (this patch is available through Windows® Automatic Update)
Some IT administrators may respond that even though they may have a computer which has one of the affected Windows® Operating Systems, that it does not have Remote Desktop Services enabled, or it requires a VPN to connect to the network before the system can be connected to with RDS so the system is not vulnerable.
Securing the perimeter of your network is important but not installing the latest security patches on computers in the company’s network can produce devastating results if a malicious actor can defeat the perimeter security. We encourage you to run supported Operating Systems with the latest patches regardless of your current network topology. We recommend using a tiered security approach which secures not only your network perimeter but uses network segmentation, running supported Operating Systems, installing current security patches, deploying internal network monitoring and security controls, and employs Role Based Access Controls (RBAC) among other security best practices.
Other resources of information about BlueKeep include:
- https://support.microsoft.com/en-us/help/4500705/customer-guidance-for-cve-2019-0708
- https://www.nsa.gov/News-Features/News-Stories/Article-View/Article/1865726/nsa-cybersecurity-advisory-patch-remote-desktop-services-on-legacy-versions-of/
- https://www.nsa.gov/Portals/70/documents/what-we-do/cybersecurity/professional-resources/csa-bluekeep_20190604.pdf
- https://www.ncsc.gov.uk/report/weekly-threat-report-31st-may-2019
Windows® and Windows Server® are registered trademarks of the Microsoft Corporation