The National Security Agency (NSA) has jumped into the fray recently with an advisory urging Microsoft Windows administrators and users to patch older versions of Windows. This is in the face of a large potential threat from the BlueKeep vulnerability (CVE-2019-0708). This vulnerability is in the Remote Desktop Protocol (RDP). It affects Windows XP, Windows 7, Windows Server 2003 and 2008.
Microsoft has taken the unusual step of providing a patch for the Windows XP and Windows Server 2003 operating systems, both of which have long been end of life (EOL), and hence are unsupported. The BlueKeep vulnerability is said to be ‘wormable’, meaning it could spread without user interaction across the internet.
As per the Microsoft advisory, “This vulnerability is pre-authentication and requires no user interaction. An attacker who successfully exploited this vulnerability could execute arbitrary code on the target system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.”
BlueKeep has been touted as potentially being on the same scale as WannaCry ransomware attack which was reported to have infected more than 230,000 computers in over 150 countries.
Kaseya’s VSA endpoint and network management solution can be used to apply the Windows XP and Windows Server 2003 patches. Automation scripts for these are available in our Automation Exchange from partners such as Upstream (part of their Power Pack and also available here).
Note that CVE-2019-0708 does not affect the latest versions of Microsoft’s operating systems— Windows 10, Windows 8.1, Windows 8, Windows Server 2019, Windows Server 2016, Windows Server 2012 R2, or Windows Server 2012.
However, if you are a user of the legacy Microsoft Windows OS—Windows XP and/or Windows Server 2003, apply the BlueKeep patch today!