Microsoft has announced the appointment of Kevin Beaumont, a cybersecurity researcher who first labeled the wormable Windows BlueKeep vulnerability. The UK-based expert will join Microsoft Treat Protection under the Microsoft Defender division.
This move may raise a few eyebrows because Beaumont has largely been a critic of cybersecurity vendors like Microsoft. Certainly, he has argued against the companies cyber security efforts in the past.
Despite that criticism, Beaumont argues it is now time to “put m career where my mouth is”.
He thinks the cybersecurity industry is in an equivalent stage as black and white television. Beaumont points to the ability of bad actors to bring down major organizations with relatively simple tools.
Jessica Payne nabbed me with this great talk btw. https://t.co/de9aRupqFX
— Kevin Beaumont (@GossiTheDog) March 2, 2020
“The sad truth is that organizations are getting attacked with whatever tools the attackers can gain access to, and quite often it's not the most sophisticated or Hollywoodesque way in – it is what works,” he notes.
Beaumont believes Microsoft Threat Protection is a leader in preventing attacks. He says the service can help organizations “spot commonalities between attacks, and provide top-down protection through the stack”.
BlueKeep is described as a “wormable” bug. It is particularly dangerous because it can be executed by bad actors remotely. The vulnerability occurs in Remote Desktop Services on older Windows legacy builds such as Windows 7, Windows XP, AND Server 2003 and 2008.
“This [bug] would have the potential of a global WannaCry-level event,” said Chris Goettl, director of product management for security at Ivanti, during a Patch Tuesday last year. “What's more, Microsoft has released updates for Windows XP and Server 2003 (which you wouldn't have found unless you were looking at the Windows Update Catalog). So, this affects Windows 7, Server 2008 R2, XP and Server 2003.”
BlueKeep can be prevented by ensuring machines are fully patched with the latest security updates.