If any of your business’s computers are running older versions of Windows, you need to make sure they receive a patch that fixes a vulnerability known as BlueKeep. Discover what Windows versions have this dangerous vulnerability and where you can find the patches.
Nearly 1 million computers have this security hole, according to one report. To make matters worse, the proof-of-concept code demonstrating how the vulnerability can be exploited was partially released.
The vulnerability is found in Windows 7, Windows Vista, Windows XP, Windows Server 2008, and Windows Server 2003. It lies in the pre-authentication system used for Remote Desktop Services (formerly known as Terminal Services). This security hole is so serious that Microsoft has even released patches for Windows Vista, Windows XP, and Windows Server 2003, which have reached the end of their lifecycles and therefore are no longer officially supported.
Why the Vulnerability Is So Serious
BlueKeep has been rated as a critical vulnerability. One reason for this rating is that it’s “wormable”. This means that “any future malware that exploits this vulnerability could propagate from vulnerable computer to vulnerable computer in a similar way as the WannaCry malware spread across the globe in 2017,” said Simon Pope, the director of incident response at the Microsoft Security Response Center, in a TechNet blog.
Pope reiterated this concern in a subsequent blog, adding that it only takes one vulnerable computer connected to the Internet to provide a gateway into a company’s network. Once inside, malware could spread from the initially compromised machine to other computers, even those that are not online. “This scenario could be even worse for those who have not kept their internal systems updated with the latest fixes, as any future malware may also attempt further exploitation of vulnerabilities that have already been fixed,” said Pope.
What to Do
No matter what versions of Windows your business is running, you should disable Remote Desktop Services if it is not being used. This is true even for Windows 10, Windows 8, Windows Server 2019, Windows Server 2016, and Windows Server 2012 machines — which do not have the BlueKeep vulnerability. Disabling this service will reduce your business’s attack surface.
Windows 7, Windows Vista, Windows XP, Windows Server 2008, and Windows Server 2003 machines need to be patched, even if you disable Remote Desktop Services on them. Here is the information you need to know:
- If you are running supported versions of Windows 7 or Windows Server 2008 and have automatic updates enabled on those computers, the patch to fix the BlueKeep vulnerability has been already delivered. However, it is a good idea to make sure it was successfully installed. If you find that’s not the case, you can find the applicable patch on the CVE-2019-0708 | Remote Desktop Services Remote Code Execution Vulnerability web page.
- If you are running Windows Vista, Windows XP, or Windows Server 2003, you need to manually download and install the patch. You can find the applicable patch on the Customer guidance for CVE-2019-0708 | Remote Desktop Services Remote Code Execution Vulnerabilityweb page.
Let us know if you need assistance in checking for or installing the patches to fix the BlueKeep vulnerability.