Remote Desktop Services (RDS) benefit employees and IT administrators alike. With employees often working from anywhere, remote desktop reduces the physical burden of carrying a work laptop home. It also makes updating and managing systems easier, which can alleviate the administrative burden when handling a large network.
Unfortunately, a vulnerability recently discovered in RDS has the potential to let hackers remotely wreak havoc on computers or servers running RDS — and their networks — if the issue isn’t patched.
What is BlueKeep?
During Windows’ May 2019 patch cycle, Microsoft released a patch for a remote code execution bug in their Remote Desktop Services software. If left unpatched, this vulnerability could allow remote, unauthenticated attackers to execute payloads with administrative privileges and spread to other computers/servers within a network.
Errata Security CEO, Robert Graham, scanned all externally facing IP addresses on May 28th, 2019 for systems susceptible to BlueKeep.
In his blog, Robert estimated nearly one million computers, laptops, and servers may be vulnerable and Microsoft noted that if an attacker is able to gain access into the system, they could then “install programs; view, change, or delete data; or create new accounts with full user rights.”
Exploiting the Vulnerability
Offensive security researchers have worked around the clock to prove the BlueKeep vulnerability could be exploited by malicious hackers. On June 3rd 2019, Ryan Hanson showcased his success on Twitter despite having “very little experience with kernel exploitation”.
Considering previous wormable attacks like WannaCry, it is highly probably that hackers will start attacking unpatched computers and servers in the very near future. Microsoft, NSA, and dozens of fellow security vendors have made similar conclusions and advise IT departments to immediately patch affected systems.
How Do I Fix This Vulnerability?
Due to the severity of BlueKeep, Microsoft has released patches for all actively supported versions of Windows and the old/busted versions from yesteryear. You can find these patches here:
- Windows 7, Server 2008, and Server 2008 R2 patches
- Windows XP, Server 2003, Server 2003 R2, and Windows Vista patches
Installing the appropriate patch via your tried and tested patching process will fix this vulnerability. Considering the criticality of this issue, we strongly suggest you trust but verify the success of these patches.
What is the Risk of Not Fixing the Vulnerability?
Vulnerable hosts are extremely likely to be remotely compromised by an attacker which could lead to data theft or encryption of all files using ransomware.
Considering this has the potential to be a wormable exploit, not only would the exploited host be affected but an entire network could be impacted as well.
This is an excerpt from our partners here:
https://blog.huntresslabs.com/keeping-up-with-bluekeep-d0676b976841
