BlueKeep – A ‘wormable’ RDP vulnerability

BlueKeep is better known as CVE-2019-0708, a vulnerability in Windows Remote Desktop Services, reachable via RDP, that Microsoft announced in its May Patch Tuesday release. It allows remote code execution and is wormable, meaning that a compromised Windows machine could seek out and infect other vulnerable devices with no human interaction. Worms can spread quickly online, as we saw with the WannaCry ransomware exploit in 2017.

BlueKeep affects Windows XP, Vista, and 7 machines, but not Windows 8 or 10 boxes. The older versions make up around 35% of Windows installations, according to Statcounter. The flaw also affects Windows Server 2003 and 2008.

Microsoft has released patches for this flaw (here and here). The problem, as with the CVE-2017-0144 vulnerability that prompted WannaCry, is getting people to apply them. There was a patch available for CVE-2017-0144 two months before WannaCry appeared, but WannaCry still wreaked havoc.

So if you haven’t patched already, you’d better get on with it!

All of our Managed customers have already been patched and have firewalls capable of mitigating these risks. To find out more, feel free to get in touch.
