Early this month, independent cybersecurity researchers located and confirmed proof-of-concept exploits, previously only recognized as theoretical threats, that take advantage of the BlueKeep vulnerability in Microsoft Windows. Although the new findings did not confirm a worm-like attack scenario (like WannaCry and NotPetya in 2017) as anticipated, the high-risk probability prompted yet another round of alerts from Microsoft, the US Department of Homeland Security and the National Security Agency.
BlueKeep, AKA CVE-2019-0708, is a potentially “wormable,” unauthenticated remote code execution vulnerability in the Remote Desktop Protocol (RDP) service of older Windows operating systems. Simply put, malware exploiting this vulnerability is thought to be capable of spreading rapidly from one device to another throughout a network. The potential threat is particularly devastating because exploitation requires neither valid credentials nor any user interaction. Microsoft’s advisory warns “an attacker could install programs; view, change or delete data; or create new accounts with full user rights.”
Remote Desktop Services on Windows 2003, Windows XP, Windows 7, Windows Server 2008 and Windows Server 2008 R2 are among those at risk. According to Microsoft, Windows 8, Windows 10 and later versions are not affected by this vulnerability.
Back in May of this year, Microsoft’s Security Response Center issued its first warning and stated: “While we have observed no exploitation of this vulnerability, it is highly likely that malicious actors will write an exploit for this vulnerability and incorporate it into their malware.” Microsoft released fixes for the identified critical remote code execution vulnerability and strongly advises users without automated patching to update their systems as soon as possible.
Microsoft continues to keep a pulse on this known vulnerability. Multiple warnings and alerts from both Microsoft and DHS suggest that US government agencies and private businesses are increasingly worried attackers are looking to exploit this particular vulnerability.
Omega Systems’ Clients
Omega Systems’ cybersecurity team has also been keeping a watchful eye on this threat and others. We proactively scan for vulnerabilities as soon as they become known. We heeded the initial warnings and patched systems appropriately at first notice.
Omega Systems encourages clients to connect over VPN with 2-factor authentication in lieu of RDP connections. Additionally, our firewalls detect and drop BlueKeep RDP exploit attempts at the network edge, before they reach our cloud-based servers.
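For administrators who want to check their own hosts against the affected-version list and the patch-or-restrict-RDP advice above, the following PowerShell audit is an added example; it is not code from Omega Systems or Microsoft. It reports whether the local host is in the affected Windows version range, whether RDP is enabled, whether Network Level Authentication (NLA) is on (which Microsoft’s advisory lists as a partial mitigation, since it forces authentication before the vulnerable code is reached), and whether a given security update is installed. The KB identifier is a placeholder to be filled from Microsoft’s CVE-2019-0708 advisory; the registry paths and WMI class are the standard Windows ones, and `Get-WmiObject` is used rather than `Get-CimInstance` so the script also runs on the Windows 7 / Server 2008 era PowerShell 2.0 hosts it is meant to audit.

```powershell
# Added example (not the post's own code): local BlueKeep exposure audit.
# Assumptions: run in an elevated PowerShell session on the host being audited;
# -PatchKBs is a placeholder to be replaced with the KB(s) from Microsoft's
# CVE-2019-0708 advisory for this OS version.
param(
    [string[]]$PatchKBs = @('KB0000000')   # PLACEHOLDER: take the real KB from the MS advisory
)

function Test-BlueKeepExposure {
    param([string[]]$PatchKBs)

    # OS version (NT kernel): XP 5.1, Server 2003 5.2, Vista/2008 6.0, 7/2008 R2 6.1.
    # Microsoft states Windows 8 (6.2) and later are not affected.
    $os  = Get-WmiObject -Class Win32_OperatingSystem
    $ver = [version]$os.Version
    $affectedOs = ($ver.Major -lt 6) -or (($ver.Major -eq 6) -and ($ver.Minor -le 1))

    # fDenyTSConnections = 0 means Remote Desktop is enabled on this host.
    $tsKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    $deny  = (Get-ItemProperty -Path $tsKey -Name fDenyTSConnections -ErrorAction SilentlyContinue).fDenyTSConnections
    $rdpEnabled = ($deny -eq 0)

    # UserAuthentication = 1 on the RDP-Tcp listener means NLA is required.
    $nlaKey = Join-Path $tsKey 'WinStations\RDP-Tcp'
    $nla    = (Get-ItemProperty -Path $nlaKey -Name UserAuthentication -ErrorAction SilentlyContinue).UserAuthentication
    $nlaEnabled = ($nla -eq 1)

    # Installed-update check: any one of the supplied KBs present counts as patched.
    $patched = $false
    foreach ($kb in $PatchKBs) {
        if (Get-HotFix -Id $kb -ErrorAction SilentlyContinue) { $patched = $true }
    }

    # New-Object/-Property form keeps this readable on PowerShell 2.0.
    New-Object PSObject -Property @{
        ComputerName = $env:COMPUTERNAME
        OS           = $os.Caption
        Version      = $os.Version
        AffectedOS   = $affectedOs
        RdpEnabled   = $rdpEnabled
        NlaEnabled   = $nlaEnabled
        PatchFound   = $patched
        # Action needed when an affected OS still exposes RDP without the fix.
        NeedsAction  = ($affectedOs -and $rdpEnabled -and (-not $patched))
    }
}

Test-BlueKeepExposure -PatchKBs $PatchKBs | Format-List
```

A host reporting `NeedsAction : True` should be patched first; if that cannot happen immediately, disabling RDP or moving access behind the VPN-with-2FA path described above removes the unauthenticated network exposure, and `NlaEnabled : False` on an affected host is worth correcting in its own right.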