BlueKeep, a remote code execution (RCE) vulnerability in Remote Desktop Services, can be exploited to access a vulnerable computer without requiring any user login or action. Worse, the vulnerability is wormable: malicious programs can use it to spread within a network and beyond it, a scenario that happened with the WannaCryptor attack.
BlueKeep, officially CVE-2019-0708, threatens both supported and unsupported Microsoft operating systems. Windows 7, Windows Server 2008 R2, and Windows Server 2008 users are safe if they have automatic operating system updates configured. The vulnerability does not affect the Windows 8 and Windows 10 platforms.
However, users of the no-longer-supported Windows XP and Windows Server 2003 operating systems should download the security patch from the official Microsoft website. Unfortunately, Microsoft has not released a patch for Windows Vista, which is also vulnerable: users of this operating system are advised to disable RDP or to use it only through VPN access.
Microsoft released a security patch on May 14, but not all users have updated their systems. According to ESET Lietuva IT engineer Ramūnas Liubert, telemetry data from the ESET Threat Intelligence tool so far contains no information about malicious programs exploiting the BlueKeep vulnerability in Lithuania, but that does not mean there is no real danger.
"Any company that uses an incorrectly configured RDP (Remote Desktop Protocol) is a threat to users and network resources. Cybercriminals are constantly trying to brutally invade corporate premises and internal systems. So it is only a matter of time before the security gap 'BlueKeep' is used for a cyber attack," says Liubert.
According to security experts, if the WannaCryptor scenario repeats itself, it will show how well organizations learned the security lessons of the 2017 mass cyber attacks: update operating systems on time and use advanced security solutions that detect network attacks.
The ESET IT engineer from Lithuania advises both organizations and home users to update their operating systems and applications immediately. Windows users are recommended to enable automatic updates. Microsoft recommends disabling Remote Desktop Protocol (RDP) if it is not in use or not really needed.
Companies that do use RDP are advised to configure the protocol properly. First, it should not be publicly accessible from the Internet; remote access should be possible only from devices on the intranet or through a VPN. RDP access can also be filtered at the firewall by adding specific IP addresses to a trusted list. Two-factor authentication tools are recommended for safer access.
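
The firewall advice above can be checked on a single Windows host with the built-in NetSecurity cmdlets. This is an added example, not part of the original article or ESET's guidance; the trusted addresses are constructed placeholders, and `$TrustedSources`, `$ApplyChanges` and `$DisableRdp` are names chosen for this illustration.

```powershell
# Added example: audit inbound RDP (TCP 3389) exposure and optionally restrict it.
# Run from an elevated PowerShell session on the host being checked.
$TrustedSources = @('10.8.0.0/24', '192.0.2.10')  # constructed: VPN pool + admin workstation
$ApplyChanges   = $false   # $true = rewrite open rules to the trusted list
$DisableRdp     = $false   # $true = turn RDP off entirely (host does not need it)

# 1. Is RDP enabled? fDenyTSConnections = 0 means connections are accepted.
$tsKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$deny  = (Get-ItemProperty -Path $tsKey -Name fDenyTSConnections).fDenyTSConnections
Write-Output ("RDP enabled: {0}" -f ($deny -eq 0))

if ($DisableRdp -and $deny -eq 0) {
    Set-ItemProperty -Path $tsKey -Name fDenyTSConnections -Value 1
    Write-Output 'RDP disabled via fDenyTSConnections = 1'
}

# 2. Enabled inbound allow rules that name port 3389 explicitly.
#    (Rules using port ranges or "Any" are not matched here; review those by hand.)
$rdpRules = Get-NetFirewallPortFilter -Protocol TCP |
    Where-Object { $_.LocalPort -contains '3389' } |
    Get-NetFirewallRule |
    Where-Object { $_.Direction -eq 'Inbound' -and $_.Enabled -eq 'True' -and $_.Action -eq 'Allow' }

# 3. Report each rule's allowed sources; "Any" means reachable from every address.
foreach ($rule in $rdpRules) {
    $remote = ($rule | Get-NetFirewallAddressFilter).RemoteAddress
    $open   = $remote -contains 'Any'

    [pscustomobject]@{
        Rule          = $rule.DisplayName
        Profile       = $rule.Profile
        RemoteAddress = $remote -join ', '
        OpenToAny     = $open
    }

    # 4. Limit an open rule to the trusted list. Rules delivered by Group Policy
    #    cannot be changed locally and must be fixed in the GPO instead.
    if ($open -and $ApplyChanges) {
        Set-NetFirewallRule -Name $rule.Name -RemoteAddress $TrustedSources
        Write-Output ("Restricted '{0}' to: {1}" -f $rule.DisplayName, ($TrustedSources -join ', '))
    }
}
```

With both switches left at `$false` the script only reports. The host firewall is one layer: a perimeter firewall or cloud security group that forwards 3389 from the Internet needs the same restriction.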