Mon. Nov 18th, 2019

CISA issues a warning about BlueKeep vulnerability

1 min read

Microsoft has been convincing old Windows users to install patches as soon as possible to fix a serious RDP vulnerability called “BlueKeep.” After receiving support from the National Security Agency (NSA) earlier this month, Microsoft was again assisted by the US Cybersecurity and Infrastructure Security Agency (CISA), which released an “Alert ” to remind users to install the BlueKeep vulnerability patch as soon as possible.

Remote Desktop Protocol

“CISA encourages users and administrators review the Microsoft Security Advisory [3] and the Microsoft Customer Guidance for CVE-2019-0708 [4] and apply the appropriate mitigation measures as soon as possible.”

The vulnerability is described as wormable and can be exploited by RDS services to spread malicious programs in a similar way to the WannaCry ransomware in 2017. Anonymous hackers have attempted to exploit this vulnerability to execute arbitrary code and send specially crafted requests via Remote Desktop Protocol (RDP) to control the computer without user interaction.

Currently, Microsoft has released patches for Windows 7, Windows Server 2008, Windows XP, and Windows Server 2003. Windows 7 and Windows Server 2008 users can prevent unauthenticated attacks by enabling Network Level Authentication (NLA) and can also mitigate threats by blocking TCP port 3389.