Bluekeep – Microsoft Urges Users to Patch


Updated July 18th, 2019

In mid-May, Microsoft took the unusual step of issuing a security patch for long-discontinued operating systems like Windows XP and Server 2003. It said at the time that a newly discovered vulnerability in older versions of Windows had the potential to devastate computers on a scale similar to the WannaCry ransomware in 2017. The update has been available for weeks, but many systems remain unpatched, and Microsoft is confident exploits for the “BlueKeep” flaw now exist in the wild.

It took Microsoft years to rid itself of Windows XP support, which it finally did back in 2017. Yet, there are still millions of computers running XP, and many of them are part of critical infrastructure and enterprise environments where newer operating systems won’t work.  

When announcing the patch, Microsoft opted to keep details of the flaw (CVE-2019-0708) secret. It said the vulnerability (now known as BlueKeep) was “wormable,” meaning it could spread between infected systems like WannaCry did. All Microsoft would say was that it had something to do with the Remote Desktop component of Windows. Windows 8 and 10 are both fully protected, though.

Security researchers have noted that it was easy to develop exploits for BlueKeep, but they’ve decided not to post proof-of-concept code because the vulnerability is too dangerous. Still, Microsoft is now “confident” that an exploit exists in the wild. By sending a specially crafted Remote Desktop Protocol (RDP) request, an attacker can run arbitrary code on a computer. That could be used to install malware, steal data, and even lock a system down with ransomware.

A security update addressing CVE-2019-0708 was released on May 14 2019, but recent public reports indicate nearly one million computers are still vulnerable.

Microsoft strongly advises that all affected systems should be updated as soon as possible.

— Security Response (@msftsecresponse) May 31, 2019

Currently, security experts have estimated that about one million Windows boxes connected directly to the internet are vulnerable to BlueKeep. That may just be the tip of the iceberg — a vulnerable machine could act as a gateway into internal networks where there are more wormable systems.

Simon Pope, Microsoft’s director of Incident Response, is again urging everyone to update their systems with the latest patch. Windows 7 and newer server platforms have all been updated automatically, but Windows XP and Server 2003 need a manual update. Many of those systems are probably on autopilot without anyone on hand to seek out new patches. A BlueKeep worm could be inevitable at this point.

Written by John Marsh
