Bekker's Blog

Concern Mounts About 'BlueKeep' Windows RDP Flaw

The Cybersecurity and Infrastructure Security Agency (CISA), the lead U.S. government unit on civilian cybersecurity, has joined the chorus of warnings about the "BlueKeep" Windows security vulnerability.

BlueKeep refers to a critical vulnerability in the implementation of the Remote Desktop Protocol (RDP) used by several older Windows operating systems, including Windows 2000, Windows XP, Windows Vista, Windows 7, Windows Server 2003 and Windows Server 2008. BlueKeep's Common Vulnerabilities and Exposures (CVE) identifier is CVE-2019-0708.

Microsoft disclosed the vulnerability in mid-May and took the extraordinary step of providing patches for some of the involved operating systems that have fallen out of support -- Windows XP, Windows Vista and Windows Server 2003.

Because the vulnerability is pre-authentication and requires no user interaction, Microsoft at the time warned, "The vulnerability is 'wormable', meaning that any future malware that exploits this vulnerability could propagate from vulnerable computer to vulnerable computer in a similar way as the WannaCry malware spread across the globe in 2017."

In an end-of-May blog post, the Microsoft Security Response Center repeated its warnings about the BlueKeep vulnerability in no uncertain terms. "It's been only two weeks since the fix was released and there has been no sign of a worm yet. This does not mean that we're out of the woods ... It is possible that we won't see this vulnerability incorporated into malware. But that's not the way to bet."

Earlier this month, the U.S. National Security Agency (NSA) issued a public warning of its own urging Windows administrators to apply the patch and update their systems. In the June 4 statement, the NSA wrote, "Although Microsoft has issued a patch, potentially millions of machines are still vulnerable."

Now comes the CISA warning, which also urges users and administrators to review Microsoft's advisory and "apply the appropriate mitigation measures as soon as possible." In addition to enumerating the previous concerns about the vulnerability -- such as a successful attacker's ability to add accounts with full user rights; view, change or delete data; or install programs -- CISA goes further with a discussion of its own tests.

"CISA tested BlueKeep against a Windows 2000 machine and achieved remote code execution. Windows OS versions prior to Windows 8 that are not mentioned in this Activity Alert may also be affected; however, CISA has not tested these systems," the alert states.

Attila Tomaschek, data privacy advocate at ProPrivacy.com, said the CISA warning should not be taken lightly, in part because of the agency's test. "The fact that CISA revealed that it was able to exploit BlueKeep to execute code remotely on a computer running Windows 2000 suggests that it is only a matter of time before malicious attackers are able to do the same," Tomaschek said in an e-mailed statement.

Tomaschek suggested that CISA's critical warning indicates that authorities believe the threat of a malicious exploit with the capability to infect large numbers of vulnerable devices is imminent. "Organizations and individuals using vulnerable Windows operating systems should take heed and install Microsoft's security updates to patch the vulnerability and insulate themselves from an attack that could potentially take over their systems and compromise hordes of sensitive data," he said.

Posted by Scott Bekker on June 19, 2019 at 12:47 PM
