A couple of weeks ago Microsoft released a security patch to fix a remote-code execution vulnerability in its Remote Desktop Protocol (RDP) services; now, IT security audit specialists report that there are still about a million Windows systems vulnerable to exploiting this flaw.
If exploited, the vulnerability could generate
serious global consequences; the IT security audit specialists consider that
this flaw has a destructive potential as large as the attack campaigns of
ransomware WannaCry
and NotPetya in 2017.
The vulnerability CVE-2019-0708, known among
specialists as “BlueKeep”, affects the versions of Windows 2003, XP,
Windows 7, in addition to Windows Server 2008.
As reported, the fault would allow a remote
attacker to execute arbitrary code to take over a compromised machine, it’s
only required sending specially crafted requests to the Windows Remote Desktop
service; user interaction is not necessary. So far no proof-of-concept code is
known to exploit this vulnerability, although some experts claim to have
developed functional exploits.
According to experts, vulnerability could allow
malware to find a way to spread through vulnerable systems in the same way as
WannaCry. The company launched the patch to correct the flaw in its May update
package. However, according to IT security audit, there are still around 950,000
computers with Windows operating system that have not installed the updates, so
they remain vulnerable to the exploitation of BlueKeep.
The specialists from the International
Institute of Cyber Security (IICS) consider that this is a serious problem because,
for now, launching patches update is the fastest way to fix security vulnerabilities,
but it depends on the system administrators for installing updates as soon as
possible, otherwise flaws are still exploitable.
If you are not able to install the updates
right now, experts recommend:
- Disable
Remote Desktop Services if not used - Block
port 3389 by implementing a firewall - Enable
network-level authentication (NLA)
