The BlueKeep RDP bug (CVE-2019-0708) in Microsoft Windows is a serious issue and it has been making rounds for almost a month now. As you might know, it affects older Windows versions including Windows 7 and XP.
Microsoft first revealed details about the bug last month and also released a security patch for all the affected machines.
The initial estimate was that around 7 million devices were affected. It later came down to 1 million after researcher Robert Graham did some further scanning on the web. Still, the numbers are big.
On May 30, Microsft again reminded users about the severity of the bug and urged them to update their machines as soon as possible.
The US National Security Agency has now come forward, asking users to install security patched on their affected machines. NSA’s cybersecurity official Rob Joyce has called BlueKeep a “significant risk to unpatched systems.”
NSA is raising their own concern that the Microsoft RDP flaw (#BlueKeep) is of significant risk to unpatched systems. Patch and protect! https://t.co/hj1c40psma
— Rob Joyce (@RGB_Lights) June 4, 2019
In a blog post (via Gizmodo) published on Wednesday, the NSA warned that the bug could be used by attackers to perform a denial of service attack.
“NSA is concerned that malicious cyber actors will use the vulnerability in ransomware and exploit kits containing other known exploits, increasing capabilities against other unpatched systems,” the agency said.
Additionally, it has suggested a couple of precautionary measures that Windows admins and users can implement. Such as blocking the TCP port 3389, turning off Remote Desktop services if not required, and enabling network level authentication.
So far, no active BlueKeep exploits have been traced by eagle-eyed security researchers. However, GitHub user Ekultek has come up with a proof-of-concept for the bug which can create the conditions for remote code execution.
“I have been able to execute commands on Windows XP with this PoC personally,” he said.