Microsoft is advising its Windows users to update their operating system or risk being open to a serious vulnerability. CVE-2019-0708, also known as BlueKeep, was discovered and patched back in May, but the company has seen an uptick in threats.
The attack method centers around a flaw in Windows' Remote Desktop Protocol and is especially significant because it's wormable. Simply, an attacker can create a malware that can spread from PC to PC in a widespread, WannaCry-like outbreak.
Users can fully mitigate the threat by installing the latest update. According to Microsoft, plenty of users are at risk of BlueKeep based attacks:
“Via open source telemetry, we see more than 400,000 endpoints lacking any form of network-level authentication, which puts each of these systems potentially at risk from a worm-based weaponization of the BlueKeep vulnerability,” its DART team said. “The timeline between patch release and the appearance of a worm outbreak is difficult to predict and varies from case to case.”
Second WannaCry-like Event Still Possible
As well as updates, DART recommends users internet listening RDP protect is behind a VPN, SSL Tunnel, or RDP Gateway. It has noted that worm outbreaks are largely unpredictable, though in this case exploit code is publically available, so it's only a matter of time.
The National Security Agency recently issued its own warning about BlueKeep. It deemed the vulnerability a significant risk, and warned of “a global WannaCry-level event”. The flaw affects versions from XP to Windows 7 and Server variants.
Microsoft previously put the number of vulnerable PCs at over one-million machines. Its nickname, BlueKeep, is a reference to the lack of security in Game of Thrones Red Keep, and its tendency to cause a blue screen.