Working BlueKeep Exploit Announced – Are You Patched?


July 29, 2019

Immunity, a cybersecurity contracting company based in Miami, Florida, has announced a working exploit for the dreaded BlueKeep vulnerability. But you don’t have to panic.

What is BlueKeep?

BlueKeep (CVE-2019-0708) is a security vulnerability that could allow attackers to compromise the Remote Desktop Protocol (RDP) service and take control of endpoints remotely.

According to Microsoft, an attacker who successfully exploits this vulnerability could execute arbitrary code on the target system: installing programs; viewing, changing or deleting data; or creating new user accounts with full administrative rights.

BlueKeep is considered “wormable” because malware exploiting this vulnerability could propagate across a network.

What systems are affected?

The Cybersecurity and Infrastructure Security Agency (CISA) says the following systems are affected by BlueKeep:

  • Windows 2000
  • Windows Vista
  • Windows XP
  • Windows 7
  • Windows Server 2003
  • Windows Server 2003 R2
  • Windows Server 2008
  • Windows Server 2008 R2

What can you do to protect yourself?

Patch, patch, patch. Microsoft has released multiple patches that address this security issue, including patches for operating systems it otherwise no longer supports (Windows XP and Windows Server 2003, for example).

If you haven’t implemented the patches yet, we highly recommend you do.

What steps can you take to mitigate BlueKeep’s impact beyond patching?

The CISA recommends you:

  • Upgrade end-of-life OSs – Consider upgrading any EOL OSs no longer supported by Microsoft to a newer, supported OS, such as Windows 10.
  • Disable unnecessary services – Disable services not being used by the OS. This best practice limits exposure to vulnerabilities.
  • Enable Network Level Authentication – Enable Network Level Authentication in Windows 7, Windows Server 2008, and Windows Server 2008 R2. Doing so forces a session request to be authenticated and effectively mitigates against BlueKeep, as exploitation of the vulnerability requires an unauthenticated session.
  • Block Transmission Control Protocol (TCP) port 3389 at the enterprise perimeter firewall – Because port 3389 is used to initiate an RDP session, blocking it prevents an attacker from exploiting BlueKeep from outside the user’s network. However, this will block legitimate RDP sessions and may not prevent unauthenticated sessions from being initiated inside a network.
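
To see where a given host stands on the RDP and Network Level Authentication items above, the PowerShell audit below is an added example, not code from CISA, Microsoft or Integris. It assumes a Windows 7, Windows Server 2008 or Windows Server 2008 R2 host with PowerShell available; the `-EnableNla` switch and the report field names are made up for this example. Run without arguments, it only reports.

```powershell
# Added example: local audit of the RDP settings behind the mitigations above.
# Run from an elevated prompt. Syntax is kept compatible with PowerShell 2.0.
param([switch]$EnableNla)   # assumed switch name: also turn NLA on if it is off

$tsKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdpKey = Join-Path $tsKey 'WinStations\RDP-Tcp'
$polKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'

$ts  = Get-ItemProperty -Path $tsKey
$rdp = Get-ItemProperty -Path $rdpKey
$pol = Get-ItemProperty -Path $polKey -ErrorAction SilentlyContinue

# fDenyTSConnections = 0 means the host accepts Remote Desktop connections.
$rdpEnabled = ($ts.fDenyTSConnections -eq 0)

# UserAuthentication = 1 means NLA is required. A Group Policy value, when
# present, overrides the local listener setting.
if ($pol -and $null -ne $pol.UserAuthentication) {
    $nlaRequired = ($pol.UserAuthentication -eq 1)
    $nlaSource   = 'Group Policy'
} else {
    $nlaRequired = ($rdp.UserAuthentication -eq 1)
    $nlaSource   = 'local setting'
}

$report = New-Object PSObject -Property @{
    Computer    = $env:COMPUTERNAME
    OS          = (Get-WmiObject Win32_OperatingSystem).Caption
    RdpEnabled  = $rdpEnabled
    RdpPort     = $rdp.PortNumber            # 3389 unless it was changed
    RdpService  = (Get-Service TermService).Status
    NlaRequired = $nlaRequired
    NlaSource   = $nlaSource
}
$report | Format-List

if ($rdpEnabled -and -not $nlaRequired) {
    Write-Warning 'RDP is enabled without NLA: sessions can start unauthenticated.'
    if ($EnableNla -and $nlaSource -eq 'Group Policy') {
        Write-Warning 'NLA is set by Group Policy; change the policy instead.'
    } elseif ($EnableNla) {
        # Clients must support NLA (CredSSP) to connect after this change.
        Set-ItemProperty -Path $rdpKey -Name UserAuthentication -Value 1
        Write-Output 'NLA is now required on the RDP-Tcp listener.'
    }
}
```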

Are there any known BlueKeep exploits beyond Immunity’s?

Publicly, no. There aren’t. Are there private exploits out in the wild? Probably. Hackers and rogue developers aren’t widely known for advertising their exploits before using them in an attack.

Should you be worried about Immunity’s BlueKeep exploit?

No, probably not. The chances of the code leaking to the dark web or something are slim. Considering their business practices and their customer base, it just doesn’t look likely.

Can Integris help you patch, update, or manage your systems?

Absolutely. If you’re an existing customer, you just have to ask your Security7 technical support agent for assistance.

If you’re not a customer, we offer Managed Services packages. You can contact us via that page or by using this link. We’re happy to help you in any way we can.


Carl Keyser is the Content Manager at Integris.
