Microsoft recently disclosed a serious security vulnerability affecting its systems; the vulnerability is known as the "BlueKeep" RDP flaw.
The BlueKeep security vulnerability was first reported by Microsoft on 14 May 2019 and is officially tracked as CVE-2019-0708, "Remote Desktop Services Remote Code Execution Vulnerability".
The BlueKeep vulnerability affects the following Microsoft Windows operating systems:
Windows Server 2008
Windows Server 2008 R2
Nearly 1 million Windows systems are still unpatched and have been found vulnerable to this recently disclosed critical, wormable, remote code execution vulnerability in the Windows Remote Desktop Protocol (RDP), two weeks after Microsoft released the security patch.
How Can It Affect a User?
The vulnerability could allow an unauthenticated, remote attacker to execute arbitrary code and take control of a targeted computer just by sending specially crafted requests to the device's Remote Desktop Service (RDS) over RDP, without requiring any interaction from a user. Microsoft describes BlueKeep as wormable, meaning malware could use it to propagate from one vulnerable system to another on its own. Microsoft has released updates for the BlueKeep vulnerability and recommends that they be applied as soon as possible. In addition, Microsoft recommends that Remote Desktop Services be disabled if they are not required.
A researcher named Graham used "rdpscan," a quick scanning tool he built on top of his masscan port scanner, to scan the entire Internet for systems still vulnerable to BlueKeep. He found some 7 million systems listening on port 3389, of which around 1 million are still vulnerable.
"Hackers are likely to figure out a robust exploit in the next month or two and cause havoc with these machines," the researcher says.
"That means when the worm hits, it'll likely compromise those million devices. This will likely lead to an event as damaging as WannaCry, and notPetya from 2017 -- potentially worse, as hackers have since honed their skills exploiting these things for ransomware and other nastiness."
GreyNoise Intelligence said in a tweet:
"GreyNoise is observing sweeping tests for systems vulnerable to the RDP "BlueKeep" (CVE-2019-0708) vulnerability from several dozen hosts around the Internet. This activity has been observed from exclusively Tor exit nodes and is likely being executed by a single actor."
How To Fix This Vulnerability & Make Your System Secure?
Take these three important steps to make your system secure:
1. Disable RDP services, if not required.
2. Block port 3389 using a firewall or make it accessible only over a private VPN.
3. Enable Network Level Authentication (NLA) – this is a partial mitigation that prevents an unauthenticated attacker from exploiting this wormable flaw.
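The three steps above, as an added PowerShell example that is not part of the original post: it audits one Windows host for RDP exposure and NLA, then applies the hardening. It assumes an elevated session, that -VpnSubnet is replaced with your real VPN client range (10.8.0.0/24 is a placeholder), and that -DisableRdp is only passed on hosts that genuinely do not need Remote Desktop.

```powershell
<#
  Added example, not from the original post. Audits this host against the three
  mitigation steps for BlueKeep and applies them. Run in an elevated session.
#>
param(
    [switch]$DisableRdp,                 # step 1: turn RDP off where it is not required
    [string]$VpnSubnet = '10.8.0.0/24'   # step 2: placeholder VPN client range, replace it
)

$tsKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdpKey = "$tsKey\WinStations\RDP-Tcp"

function Get-RdpExposure {
    # Snapshot of the settings that matter for BlueKeep, for review before and after.
    [pscustomobject]@{
        RdpEnabled   = (Get-ItemProperty $tsKey  -Name fDenyTSConnections).fDenyTSConnections -eq 0
        NlaRequired  = (Get-ItemProperty $rdpKey -Name UserAuthentication).UserAuthentication -eq 1
        Port3389Open = [bool](netstat -ano | Select-String ':3389\s+\S+\s+LISTENING')
    }
}

"Before:"; Get-RdpExposure | Format-List

if ($DisableRdp) {
    # Step 1: deny all Remote Desktop connections on this host.
    Set-ItemProperty $tsKey -Name fDenyTSConnections -Value 1
} else {
    # Step 2: the built-in "Remote Desktop" rule group allows 3389 from any address,
    # so disable it and add an allow rule scoped to the VPN range. Windows Firewall
    # gives block rules priority over allow rules, so rely on the default inbound
    # block instead of adding an explicit block, which would cut off the VPN too.
    netsh advfirewall set allprofiles firewallpolicy blockinbound,allowoutbound | Out-Null
    netsh advfirewall firewall set rule group="remote desktop" new enable=no | Out-Null
    netsh advfirewall firewall add rule name="RDP from VPN only" dir=in action=allow `
        protocol=TCP localport=3389 remoteip=$VpnSubnet | Out-Null

    # Step 3: require Network Level Authentication, so a client must authenticate
    # before a session is created; SecurityLayer=2 makes the listener use TLS.
    Set-ItemProperty $rdpKey -Name UserAuthentication -Value 1
    Set-ItemProperty $rdpKey -Name SecurityLayer      -Value 2
}

"After:"; Get-RdpExposure | Format-List
```

The firewall rules apply immediately; restart the Remote Desktop Services service (or reboot) to be sure the listener picks up the registry changes, and keep installing Microsoft's patch as the actual fix.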
Thanks for reading, have a nice day! Make sure you subscribe to Tech Raj Blog for more interesting articles.