#PSA : You Should Make Sure That You Have Patched Your Windows Computers To Protect You From The “BlueKeep” Vulnerablity

If you haven’t heard of the “BlueKeep” vulnerability, you might want to pay attention. This is a vulnerability that could potentially allow unauthenticated attackers to install programs, view or manipulate data, or create fully privileged new accounts by executing code via specially crafted requests, with no user interaction required. In short, it is highly dangerous. The danger comes from the fact that beyond everything that I have mentioned, it is possible to have this spread in the same way as attacks like “Wannacry” did. That in short increases the danger level further.

BlueKeep affects machines running on Windows 7, Windows Server 2008 R2 and Windows Server 2008, as well as the unsupported Windows 2003 and Windows XP OSes. Microsoft put out patches in May including ones for the unsupported OSes mentioned above, but there may be as many as a million systems that might be affected by this bug that have not been patched. So if I were you, I would make sure your Windows computers are fully patched.

Now if you want to go to the next level in terms of protecting yourself, the NSA has some tips for you.

  • Block TCP Port 3389 at your firewalls, especially any perimeter firewalls exposed to the internet. This port is used in RDP protocol and will block attempts to establish a connection.
  • Enable Network Level Authentication. This security improvement requires attackers to have valid credentials to perform remote code authentication.
  • Disable Remote Desktop Services if they are not required. Disabling unused and unneeded services helps reduce exposure to security vulnerabilities overall and is a best practice even without the BlueKeep threat.

Remember, this is a highly dangerous vulnerability and the best means to protect yourself is to install the patches that Microsoft has put out and take the advice of the NSA. Because now that this is out there, attacks will be commencing.

Leave a Reply

%d bloggers like this: