Cyber Announcement
November 13 2019
Update Windows immediately to guard against BlueKeep exploit
Outdated Windows systems vulnerable to BlueKeep exploit
Security researchers have recently seen a mass exploitation attempt targeting devices affected by the BlueKeep
vulnerability, also known as CVE-2019-0708. This advisory urges our policyholders to ensure all systems are updated to
avoid potential attacks as a result of this, or any other, vulnerability.
BlueKeep is a critical Remote Code Execution (RCE) vulnerability in Remote Desktop Services (RDS) and was first
reported in May 2019. It is ‘wormable’, meaning it could be used to spread malware without authentication or user
interaction. It, therefore, has the potential to create incidents similar to the WannaCry ransomware attack of 2017.
As of November 2019, it is estimated that 500,000 systems could still be exposed to BlueKeep, despite Microsoft
releasing patches for the vulnerability shortly after its discovery in May. The National Security Agency and Microsoft
have stressed the importance of running system updates and have advised everyone to immediately apply patches
to the following affected versions of Windows:
• Windows XP, Windows Vista, Windows 7
• Windows Server 2003, Windows Server 2008, Windows Server 2008 R2
Please advise your clients to upgrade to the most recent version as soon as possible. Legacy operating systems
pose a serious security risk since the more outdated systems become, the less likely manufacturers will support
them with security patches.
Besides upgrading systems, the following additional measures should also be taken:
• Block TCP port 3389 at your firewalls, as this port is used by the Remote Desktop Protocol. This will deny
any attempts to establish an RDP connection through the firewall.
• Enable Network Level Authentication (NLA). With NLA enabled, an attacker would first have to authenticate
to RDS before being able to exploit the vulnerability.
• Disable RDS if it is not needed to reduce exposure to vulnerabilities overall.
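To confirm these measures on an individual machine, the read-only PowerShell check below can be run locally from an elevated prompt. It is an added example, not part of the original announcement or any Microsoft tooling; it assumes the standard Terminal Server registry values (fDenyTSConnections, UserAuthentication, PortNumber) and uses only cmdlets available in PowerShell 2.0. The variable names are illustrative.

```powershell
# Added example: read-only audit of the RDP settings named in this advisory.
# Nothing is modified. A perimeter firewall cannot be checked from the host,
# so the script only reports whether a local listener exists on the RDP port.

$tsKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdpKey = Join-Path $tsKey 'WinStations\RDP-Tcp'
# Group Policy settings, when present, take precedence over the local values
$polKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'

function Get-RegValue($Path, $Name) {
    # Returns $null when the key or the value does not exist
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($item) { $item.$Name } else { $null }
}

# fDenyTSConnections: 1 = Remote Desktop disabled, 0 = enabled
$deny = Get-RegValue $polKey 'fDenyTSConnections'
if ($null -eq $deny) { $deny = Get-RegValue $tsKey 'fDenyTSConnections' }

# UserAuthentication: 1 = NLA required (value may be absent on older systems)
$nla = Get-RegValue $polKey 'UserAuthentication'
if ($null -eq $nla) { $nla = Get-RegValue $rdpKey 'UserAuthentication' }

# The RDP port can be changed from the default, so read it rather than assume
$port = Get-RegValue $rdpKey 'PortNumber'
if ($null -eq $port) { $port = 3389 }

$ipProps   = [System.Net.NetworkInformation.IPGlobalProperties]::GetIPGlobalProperties()
$listening = [bool]($ipProps.GetActiveTcpListeners() | Where-Object { $_.Port -eq $port })
$service   = Get-Service -Name TermService -ErrorAction SilentlyContinue

$findings = @()
if ($deny -eq 0 -and $nla -ne 1) {
    $findings += 'Remote Desktop is enabled without Network Level Authentication'
}
if ($listening) {
    $findings += "TCP $port is listening; confirm the firewall blocks it from untrusted networks"
}
if ($null -eq $deny) {
    $findings += 'fDenyTSConnections not found; check Remote Desktop state manually'
}

New-Object PSObject -Property @{
    OperatingSystem = (Get-WmiObject Win32_OperatingSystem).Caption
    RdpEnabled      = ($deny -eq 0)
    NlaRequired     = ($nla -eq 1)
    RdpPort         = $port
    PortListening   = $listening
    ServiceStatus   = $(if ($service) { $service.Status } else { 'NotInstalled' })
    Findings        = $findings -join '; '
} | Format-List
```

An empty Findings field means Remote Desktop is disabled or NLA-protected and no listener is open on the RDP port; it does not show whether the CVE-2019-0708 patch itself is installed.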
For those of our customers who use the affected versions of Windows, links to critical patches are contained within the Security Guidance Advisory link from Microsoft here: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708
Thanks for your time and attention!
For any questions or further information please email info@aboutunderwriting.com.au