After repeated warnings to users to patch or upgrade their systems, two from Microsoft and one from the National Security Agency (NSA), a new warning about the BlueKeep vulnerability has now been issued by the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA).
CISA said it achieved successful remote code execution on a computer running a vulnerable version of Windows 2000. CISA is alerting users to patch the critical-severity Remote Desktop Services (RDS) RCE security flaw known as BlueKeep. It also said that Windows versions prior to Windows 8 may be affected, but it has not yet tested those systems.
The BlueKeep flaw lets an unauthenticated user remotely access a machine and allows an attacker to run arbitrary code, conduct denial-of-service attacks, delete system files and even change user profiles. The vulnerability is tracked as CVE-2019-0708.
BlueKeep is said to be a self-replicating, or "wormable", flaw: if an attacker manages to exploit it on a vulnerable system, a BlueKeep exploit would be capable of rapidly spreading to other vulnerable machines, in a fashion similar to the WannaCry malware attacks of 2017, CISA explains.
- Install available patches. Microsoft has released security updates to patch this vulnerability. Microsoft has also released patches for a number of OSs that are no longer officially supported, including Windows Vista, Windows XP, and Windows Server 2003. As always, CISA encourages users and administrators to test patches before installation.
For OSs that do not have patches:
- Block Transmission Control Protocol (TCP) port 3389 at the enterprise perimeter firewall. Because port 3389 is used to initiate an RDP session, blocking it prevents an attacker from exploiting BlueKeep from outside the user’s network. However, this will block legitimate RDP sessions and may not prevent unauthenticated sessions from being initiated inside a network.
- Disable unnecessary services. Disable services not being used by the OS. This best practice limits exposure to vulnerabilities.
- Upgrade end-of-life (EOL) OSs. Consider upgrading any EOL OSs no longer supported by Microsoft to a newer, supported OS, such as Windows 10.
- Enable Network Level Authentication. Enable Network Level Authentication in Windows 7, Windows Server 2008, and Windows Server 2008 R2. Doing so forces a session request to be authenticated and effectively mitigates against BlueKeep, as exploit of the vulnerability requires an unauthenticated session.
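
To check the Network Level Authentication mitigation on a host, the following PowerShell audit is an added example (not part of CISA's alert or the original article). It reads the standard Terminal Server registry values and their Group Policy overrides to report whether RDP is enabled and whether NLA is enforced. The function names are hypothetical, and it uses only PowerShell 2.0 cmdlets so it can run on Windows 7 and Windows Server 2008 R2.

```powershell
# Added example: audit the RDP settings behind the mitigations listed above.
# Run from an elevated prompt. Function names are hypothetical.
$tsKey     = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdpKey    = "$tsKey\WinStations\RDP-Tcp"
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'

# Group Policy values, when present, override the local setting.
function Get-EffectiveValue([string]$Name, [string]$LocalPath) {
    foreach ($path in @($policyKey, $LocalPath)) {
        $item = Get-ItemProperty -Path $path -Name $Name -ErrorAction SilentlyContinue
        if ($item -ne $null) { return $item.$Name }
    }
    return $null
}

function Get-RdpMitigationStatus {
    $deny = Get-EffectiveValue 'fDenyTSConnections' $tsKey   # 0 = RDP connections allowed
    $nla  = Get-EffectiveValue 'UserAuthentication' $rdpKey  # 1 = NLA required
    $port = (Get-ItemProperty -Path $rdpKey).PortNumber      # 3389 unless changed
    $rdpEnabled  = ($deny -eq 0)
    $nlaRequired = ($nla -eq 1)

    if (-not $rdpEnabled) { $finding = 'RDP connections denied' }
    elseif ($nlaRequired) { $finding = 'RDP enabled, NLA enforced' }
    else                  { $finding = 'RDP enabled WITHOUT NLA: enable NLA or disable RDP' }

    New-Object PSObject -Property @{
        Computer    = $env:COMPUTERNAME
        OS          = (Get-WmiObject Win32_OperatingSystem).Caption
        RdpEnabled  = $rdpEnabled
        NlaRequired = $nlaRequired
        Port        = $port
        Finding     = $finding
    }
}

# Turn on NLA locally, then re-check. A Group Policy value of 0 still overrides this.
function Enable-RdpNla {
    Set-ItemProperty -Path $rdpKey -Name 'UserAuthentication' -Value 1
    Get-RdpMitigationStatus
}

Get-RdpMitigationStatus | Format-List
```

A host that reports RDP enabled without NLA still needs the patch; NLA only removes the unauthenticated path described above.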