Microsoft's Detection and Response Team (DART) aims to keep the firm's customers protected against cyber-security issues, while also addressing security compromises that may crop up. In May, the team released a patch for a critical Remote Code Execution vulnerability, CVE-2019-0708.
Also known as BlueKeep, the security vulnerability exists in Remote Desktop Services and requires no user interaction to come into effect. It can allow attackers to connect to a target system via Remote Desktop Protocol (RDP), and then enable them to take control of the system. Furthermore, it is 'wormable', which essentially means that it can replicate and propagate, like the infamous WannaCry ransomware attack.
Today, the DART team has advised all users to update their Windows systems as a form of mitigation against the vulnerability, if they haven't already. The reason for the timing of this notification is the observance of previous patterns regarding patch releases and subsequent worm outbreaks. More specifically, similar vulnerabilities in the past have been followed by outbreak scenarios a couple of months after they've been addressed through patches. Given that BlueKeep was dealt with in May, this implies that a wide-spread attack is quite possible around this time.
Moreover, it has also been recommended that users enable Network Level Authentication (NLA) to prevent unauthenticated access through RDP. Through open-source telemetry, Microsoft has discovered that NLA is currently lacking on around 400,000 systems, making each of these a potential target of BlueKeep.
The DART team has noted that the exploit code for the vulnerability is now publicly available to everyone - including malicious actors. As such, it is highly advised that the recommended actions are taken for protection against it as soon as possible.
9 Comments - Add comment