Among the security fixes in May's Patch Tuesday, Microsoft detailed a new critical remote desktop flaw, BlueKeep (CVE-2019-0708), which also affects older Windows operating systems like Windows 7, Windows Server 2008 R2, and Windows Server 2008.
Along with 78 other security fixes, Microsoft released a separate advisory for CVE-2019-0708, a vulnerability in the remote desktop service dubbed BlueKeep. This vulnerability allows successful attackers to execute arbitrary code on the target machine. An attacker can then install software, view, change or delete data, or even create new user accounts. The vulnerability is also wormable, meaning that future malware can easily abuse it to spread across a network.
Microsoft's Security Response Center Director of Incident Response Simon Pope mentioned the future danger in their CVE-2019-0708 blog post:
This vulnerability is pre-authentication and requires no user interaction. In other words, the vulnerability is 'wormable', meaning that any future malware that exploits this vulnerability could propagate from vulnerable computer to vulnerable computer in a similar way as the WannaCry malware spread across the globe in 2017.
Since many servers use remote desktop services to let workers connect from home, this vulnerability is extremely dangerous and should be patched as soon as possible. Currently supported operating systems are not the only ones vulnerable: older operating systems that are no longer supported, like Windows 7, Windows Server 2008 R2, and Windows Server 2008, are also vulnerable. Fortunately, Microsoft released new security updates, even for the old operating systems, so that they can be patched and protected. Newer operating systems also get this security patch through their usual automatic updates. Our May Patch Tuesday also contains a check for the patch Microsoft released, and the June Patch Tuesday also includes the fix since those patches are cumulative.
Find Windows Installations at Risk
If you do have one of the unsupported operating systems in your environment, as many do, this custom color-coded vulnerability audit can tell you in no time which devices have the remote desktop service running and which machines also need to be patched.
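To make the two checks concrete (is the remote desktop service running, and is the fix installed), here is a single-host version as an added example; it is not Lansweeper's audit or Microsoft's code. The `$FixKb` default is a placeholder: fill it with the KB IDs for your OS from Microsoft's CVE-2019-0708 advisory, and, because the updates are cumulative, with any later rollup you deploy.

```powershell
# Added example: local BlueKeep (CVE-2019-0708) exposure check.
# Uses only cmdlets available in PowerShell 2.0, so it can run on
# Windows 7 / Server 2008 R2 without installing a newer PowerShell.
param(
    # PLACEHOLDER value. Replace with the KB IDs from Microsoft's advisory
    # for your OS, plus later cumulative rollups that supersede them.
    [string[]]$FixKb = @('KB0000000')
)

$os = Get-WmiObject -Class Win32_OperatingSystem

# OS families named in the article:
#   6.1.* = Windows 7 / Windows Server 2008 R2
#   6.0.* with a server ProductType (2 or 3) = Windows Server 2008
$inScope = ($os.Version -like '6.1.*') -or
           (($os.Version -like '6.0.*') -and ($os.ProductType -ne 1))

# Remote Desktop Services runs as the TermService service.
$svc = Get-Service -Name TermService -ErrorAction SilentlyContinue
$rdpRunning = ($svc -ne $null) -and ($svc.Status -eq 'Running')

# The service often runs even when RDP is switched off, so also read the
# policy value: fDenyTSConnections = 0 means inbound RDP is allowed.
$ts = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server' `
        -Name fDenyTSConnections -ErrorAction SilentlyContinue
$rdpAllowed = ($ts -ne $null) -and ($ts.fDenyTSConnections -eq 0)

# Any one of the listed updates counts as patched.
$installed = @(Get-HotFix | Where-Object { $FixKb -contains $_.HotFixID })
$patched = $installed.Count -gt 0

if (-not $inScope)                    { $status = 'OS not in the checked list' }
elseif ($patched)                     { $status = 'Patched' }
elseif ($rdpRunning -and $rdpAllowed) { $status = 'UNPATCHED and accepting RDP: patch first' }
else                                  { $status = 'Unpatched, RDP not accepting connections' }

New-Object PSObject -Property @{
    Computer   = $env:COMPUTERNAME
    OS         = $os.Caption
    RdpRunning = $rdpRunning
    RdpAllowed = $rdpAllowed
    FixFound   = ($installed | ForEach-Object { $_.HotFixID }) -join ','
    Status     = $status
} | Select-Object Computer, OS, RdpRunning, RdpAllowed, FixFound, Status
```

A host reported as unpatched with RDP not accepting connections still needs the update; the status only orders the work.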
If you haven't already, start your free Lansweeper trial and get a list of all machines in your network that might be vulnerable to BlueKeep.