Unlike the BlueKeep proof-of-concept code released publicly before it, which did not achieve code execution on a target, the recently released exploit delivers remote code execution. Although there are no reported attacks in the wild at this time, the Align team expects exploit attempts imminently.
BlueKeep (CVE-2019-0708) is a pre-authentication vulnerability in Remote Desktop Services, the server side of the Remote Desktop Protocol (RDP), on the following Microsoft Windows operating systems:
- Windows 2000
- Windows Vista
- Windows XP
- Windows 7
- Windows Server 2003
- Windows Server 2003 R2
- Windows Server 2008
- Windows Server 2008 R2
According to Microsoft, an unauthenticated attacker can exploit the flaw by sending specially crafted requests over RDP to one of these operating systems that has Remote Desktop enabled; no valid credentials or user interaction are required. BlueKeep is considered “wormable” because malware exploiting this vulnerability on a system could propagate to other vulnerable systems without any action by their users; thus, a BlueKeep exploit would be capable of rapidly spreading in a fashion similar to the WannaCry malware attacks of May 2017.
- In June, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued a list of BlueKeep mitigation measures: install the Microsoft updates, block TCP port 3389 at the network perimeter, enable Network Level Authentication (NLA) so that an attacker must authenticate before the vulnerable code is reachable, and disable Remote Desktop where it is not needed. NLA and perimeter blocking reduce exposure but do not remove the flaw; only the update does.
- This was the fourth warning published: Microsoft issued two, and the U.S. National Security Agency issued another.
- CISA also urged all Windows admins and users to review the Microsoft BlueKeep Security Advisory and the Microsoft Customer Guidance for CVE-2019-0708.
- Companies that have not already applied the Microsoft security updates for CVE-2019-0708 should do so immediately. Systems that can no longer receive updates, such as Windows XP and Windows Server 2003, should be upgraded or isolated from the network.
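The following PowerShell script is an added example for checking a single host against the points above; it is not part of the Align advisory or of any Microsoft guidance. It reads the registry values that control whether Remote Desktop is enabled and whether NLA is required, and looks for the CVE-2019-0708 update among the installed hotfixes. The KB numbers in the list are an assumption that should be confirmed against the Microsoft advisory for each OS before the result is trusted, and the script deliberately uses only cmdlets available on PowerShell 2.0 so that it runs on the legacy systems in question.

```powershell
# Added example, not part of the Align advisory: a local BlueKeep exposure check
# written for the legacy hosts in scope (Windows 7 / Server 2008 era PowerShell).
# Assumption: the KB numbers below are the May 2019 updates for CVE-2019-0708.
# Confirm them against the Microsoft advisory before relying on this list.
$BlueKeepKBs = @('KB4499175', 'KB4499164',   # Windows 7 SP1 / Server 2008 R2 SP1
                 'KB4499180', 'KB4499149',   # Windows Server 2008 SP2
                 'KB4500331')                # Windows XP / Server 2003

function Test-BlueKeepExposure {
    param([string[]]$PatchKBs = $BlueKeepKBs)

    $caption = (Get-WmiObject -Class Win32_OperatingSystem).Caption
    # OS families the advisory lists as affected.
    $affected = $caption -match 'Windows 2000|Windows XP|Windows Vista|Windows 7\b|Server 2003|Server 2008'

    # fDenyTSConnections = 1 means Remote Desktop is switched off; a missing value
    # is treated as "off" here because nothing is listening on 3389 in that case.
    $tsKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    $deny  = (Get-ItemProperty -Path $tsKey -Name fDenyTSConnections -ErrorAction SilentlyContinue).fDenyTSConnections
    $rdpEnabled = ($deny -eq 0)

    # UserAuthentication = 1 means NLA is required, so the pre-authentication bug is
    # only reachable by an attacker who already holds valid credentials.
    $nlaKey = "$tsKey\WinStations\RDP-Tcp"
    $nla = (Get-ItemProperty -Path $nlaKey -Name UserAuthentication -ErrorAction SilentlyContinue).UserAuthentication -eq 1

    # Any one of the listed KBs present means the update for this OS is installed.
    $installed = @(Get-HotFix -ErrorAction SilentlyContinue |
        Where-Object { $PatchKBs -contains $_.HotFixID } |
        ForEach-Object { $_.HotFixID })
    $patched = $installed.Count -gt 0

    $status = if (-not $affected)       { 'NOT AFFECTED (OS not in the advisory list)' }
              elseif ($patched)         { 'PATCHED' }
              elseif (-not $rdpEnabled) { 'UNPATCHED, Remote Desktop disabled (mitigated)' }
              elseif ($nla)             { 'UNPATCHED, RDP on, NLA required (partial mitigation only)' }
              else                      { 'VULNERABLE: unpatched, RDP on, no NLA' }

    New-Object PSObject -Property @{
        Computer   = $env:COMPUTERNAME
        OS         = $caption
        RDPEnabled = $rdpEnabled
        NLA        = $nla
        Patches    = ($installed -join ',')
        Status     = $status
    }
}

Test-BlueKeepExposure | Format-List
```

Run it as an administrator on the host itself, or push it to many hosts with Invoke-Command, and treat anything other than PATCHED or NOT AFFECTED as work to do. The script checks the host's own configuration only; it says nothing about whether a perimeter firewall blocks TCP 3389, so an internal scan for listening 3389 ports remains worthwhile as a second check.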
For more information, please contact Align Managed Services.