Today, Microsoft has released information about a cyber threat, “BlueKeep”, that could impact businesses worldwide on a level similar to WannaCry.
The Common Vulnerabilities and Exposures (CVE) database maintained by the US Department of Homeland Security and US Cyber Security and Infrastructure Agency has given the vulnerability (CVE-2019-0708) a CVE score of 9.8/10. The official description of the vulnerability in the CVE database is “A remote code execution vulnerability exists in Remote Desktop Services formerly known as Terminal Services when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka ‘Remote Desktop Services Remote Code Execution Vulnerability’.”
Simon Pope, Director of Incident Response at the Microsoft Security Response Center (MSRC), released a statement about the vulnerability: https://blogs.technet.microsoft.com/msrc/2019/05/14/prevent-a-worm-by-updating-remote-desktop-services-cve-2019-0708/
In the statement Simon wrote: “This vulnerability is pre-authentication and requires no user interaction”, “In other words, the vulnerability is ‘wormable,’ meaning that any future malware that exploits this vulnerability could propagate from vulnerable computer to vulnerable computer in a similar way as the WannaCry malware spread across the globe in 2017. It is important that affected systems are patched as quickly as possible to prevent such a scenario from happening.”
This vulnerability only affects Microsoft Windows operating systems older than Windows 8 / Windows Server 2012, and it underscores the importance of keeping your operating systems reasonably up-to-date.
Per our policy for addressing critical vulnerabilities, we will be aggressively deploying these patches, including manual reporting of machines not in compliance and manual patch installation where applicable.
If your organization has systems that are not managed by happier IT, we encourage you to patch these systems as quickly as possible.