Almost one million older Windows devices are still vulnerable to the BlueKeep security flaw even after Microsoft released a security patch to address the vulnerability.
The vulnerability, known as CVE-2019-0708, affects Windows Remote Desktop Services (RDS) and Microsoft has already addressed it with its May 2019 Patch Tuesday update.
The BlueKeep security flaw, which has been described as wormable, can be utilized by malware to spread in a similar way to how the WannaCry ransomware did back in 2017 through the EternalBlue exploit.
By sending specially created requests via the Remote Desktop Protocol (RDP), a hacker can exploit the flaw to execute arbitrary code and take control of a user’s machine without their knowledge.
Microsoft has already released patches for Windows 7, Windows XP, Server 2008 and Server 2003. By enabling Network Level Authentication (NLA) Windows 7 and Server 2008 users can prevent unauthenticated attacks and alternatively the threat can be mitigated by blocking TCP port 3389.
BlueKeep security flaw
Researchers have already developed proof-of-concept exploits for BlueKeep though none have been released publicly. Many expect attacks exploiting the flaw to appear any day now and to make matters worse, industrial and medical products are also at risk.
By using the Masscan port scanner and a modified version of rdpscan, Errata Security’s Robert Graham carried out an internet scan that found more than 923,000 devices which appear to be vulnerable to BlueKeep attacks.
Graham also identified more than 1.4m machines that have been patched to protect them from BlueKeep and around 1.2m devices that cannot be exploited online since they’re using NLA or the Credential Security Support Provider protocol.
If you’re unable to install the latest security patch from Microsoft to protect your devices from the BlueKeep security flaw, thankfully opatch has released a micropatch which can be easily applied to vulnerable systems.
- We’ve also highlighted the best antivirus to help keep your systems protected from the latest cyber threats
Via Security Week