Last month, Microsoft released fixes for a critical Remote Code Execution vulnerability (CVE-2019-0708), called BlueKeep. The vulnerability is in Remote Desktop Services and affects some older versions of Windows. The tech giant has now warned that an exploit exists for this vulnerability.
According to an internet-scale port scanner, nearly one million devices on the public internet are vulnerable to BlueKeep.
“Future malware that exploits this vulnerability could propagate from vulnerable computer to vulnerable computer in a similar way as the WannaCry malware spread across the globe in 2017,” wrote Microsoft in a blog post.
Which versions of Windows are affected by the BlueKeep vulnerability?
The following Windows systems are vulnerable to CVE-2019-0708 BlueKeep:
- Windows 2003
- Windows XP
- Windows 7
- Windows Server 2008 R2
- Windows Server 2008
Users of Windows 8 and Windows 10 are not affected by this vulnerability.
How can the BlueKeep vulnerability affect users?
If a vulnerable computer connected to the internet is compromised, it can serve as a gateway into the corporate network. This can allow attackers to spread advanced malware and infect all the computers across the enterprise.
BlueKeep is a pre-authentication vulnerability and requires no user interaction. Once the vulnerability is exploited, the attacker can execute arbitrary code on the target system. The attacker can then install programs; view, change, or delete data; and create new accounts with full user rights.
“This scenario could be even worse for those who have not kept their internal systems updated with the latest fixes, as any future malware may also attempt further exploitation of vulnerabilities that have already been fixed,” added Microsoft.
How to protect Windows against the BlueKeep vulnerability?
Windows 2003 and Windows XP are out-of-support systems. Users of these systems can address the new vulnerability by upgrading to the latest Windows version.
Users of in-support systems (Windows 7, Windows Server 2008, Windows Server 2008 R2) can download the security patch from the Microsoft Security Update Guide.
Customers who are running an in-support version of Windows and have automatic updates enabled are protected automatically.