Earlier this week, we reported on a Windows flaw that has left one million devices open to exploitation despite Microsoft issuing a patch. The so-called BlueKeep vulnerability affects legacy Windows versions. In response to the proof-of-concept (PoC) being published, Microsoft has issued a user warning.
The company is cautioning Windows users to patch their older versions of Windows to protect against the vulnerability.
BlueKeep is a dangerous vulnerability because bad actors can exploit it remotely. It is located in Remote Desktop Services on legacy Windows builds such as Windows 7, Windows XP, and Server 2003 and 2008.
“This [bug] would have the potential of a global WannaCry-level event,” said Chris Goettl, director of product management for security at Ivanti, during Patch Tuesday. “What’s more, Microsoft has released updates for Windows XP and Server 2003 (which you wouldn’t have found unless you were looking at the Windows Update Catalog). So, this affects Windows 7, Server 2008 R2, XP and Server 2003.”
Microsoft tracks the vulnerability as CVE-2019-0708, and the company says there is a good chance an exploit for BlueKeep is in the wild.
“Microsoft is confident that an exploit exists for this vulnerability, and if recent reports are accurate, nearly one million computers connected directly to the internet are still vulnerable to CVE-2019-0708,” said Simon Pope, Director of Incident Response, Microsoft Security Response Center (MSRC).
Additionally, the company says it is only a matter of time before BlueKeep is leveraged in the form of a real attack. This is arguably not Microsoft’s fault as patches are available to protect Windows XP, Windows Vista, Windows 7, Windows Server 2003, and Windows Server 2008 from the vulnerability. These are all the versions BlueKeep is known to be present in.
“Our recommendation remains the same. We strongly advise that all affected systems should be updated as soon as possible,” Pope said.
“It only takes one vulnerable computer connected to the internet to provide a potential gateway into […] corporate networks, where advanced malware could spread, infecting computers across the enterprise,” he said.