In this case, up-to-date means having the latest security updates installed. Microsoft has patched its older platforms to protect against BlueKeep, but many users have not updated. BlueKeep is a dangerous vulnerability because attackers can exploit it remotely. It is located in Remote Desktop Services on older, legacy Windows versions such as Windows 7, Windows XP, and Server 2003 and 2008.

“This [bug] would have the potential of a global WannaCry-level event,” said Chris Goettl, director of product management for security at Ivanti, during Patch Tuesday. “What’s more, Microsoft has released updates for Windows XP and Server 2003 (which you wouldn’t have found unless you were looking at the Windows Update Catalog). So, this affects Windows 7, Server 2008 R2, XP and Server 2003.”

Microsoft has said over one million machines are vulnerable to BlueKeep, but each could be protected with the patch: “Microsoft is confident that an exploit exists for this vulnerability, and if recent reports are accurate, nearly one million computers connected directly to the internet are still vulnerable to CVE-2019-0708,” said Simon Pope, Director of Incident Response, Microsoft Security Response Center (MSRC).
NSA Response
The NSA advisory agrees with Microsoft’s assessment. A senior advisor, Rob Joyce, says users should “patch and protect” and describes BlueKeep as a “significant risk”.

“This is the type of vulnerability that malicious cyber actors frequently exploit through the use of software code that specifically targets the vulnerability. For example, the vulnerability could be exploited to conduct denial of service attacks. It is likely only a matter of time before remote exploitation code is widely available for this vulnerability. NSA is concerned that malicious cyber actors will use the vulnerability in ransomware and exploit kits containing other known exploits, increasing capabilities against other unpatched systems.”