Wednesday, June 19, 2019

Word of the Day: BlueKeep (CVE-2019-0708)

Word of the Day WhatIs.com
Daily updates on the latest technology terms | June 19, 2019

BlueKeep (CVE-2019-0708) is a vulnerability in the Remote Desktop Protocol (RDP) that can affect the Windows Vista, Windows 7, Windows XP, Server 2003 and Server 2008 operating systems. Microsoft is urging computer users running these versions of Windows to update their operating systems as soon as possible.

A BlueKeep exploit has the potential to spread in a worm-like fashion and self-replicate without requiring any user interaction. According to Microsoft, an attacker could potentially send specially crafted malware packets to an unpatched Windows operating system that has RDP enabled. After successfully sending the packets, the attacker would then have the ability to perform a number of actions, including adding new user accounts, installing malicious programming and making changes to data.

BlueKeep proof of concept (PoC) exploits for denial-of-service (DoS) attacks and limited remote code execution (RCE) on unprotected systems have been demonstrated by researchers from Twitter, McAfee, Zerodium and Kaspersky. As of this writing, BlueKeep attacks have not been seen in the wild, but security researchers at Proofpoint have reported they've seen low-level scanning activity looking for vulnerable systems.

BlueKeep code fixes were issued on May 14, 2019 for all supported Windows operating systems, as well as Windows XP and Server 2003. In addition to patching and updating Windows operating systems to prevent BlueKeep exploits, network administrators should also consider:

  • Disabling unused and unneeded RDP services.
  • Blocking TCP Port 3389.
  • Enabling network level authentication in RDP services to prevent attackers from performing remote code execution without valid credentials.
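
A read-only local audit of the three mitigations listed above, as an added example that is not part of the original newsletter or of any Microsoft tooling. It reads the standard Terminal Services registry values and checks for a listening socket; it assumes PowerShell 2.0 or later, English-language netstat output, and that a Group Policy value, when present, overrides the local setting.

```powershell
# Added example: audit the RDP mitigations on the local host (read-only).
$local  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdpTcp = "$local\WinStations\RDP-Tcp"
$policy = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'

function Get-RegValue([string]$Path, [string]$Name) {
    # Return $null instead of throwing when the key or value is absent.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($item) { $item.$Name } else { $null }
}

function Get-Effective([string]$Name, [string]$LocalPath) {
    # Assumption: a Group Policy value, when set, takes precedence over the local one.
    $value = Get-RegValue $policy $Name
    if ($null -eq $value) { $value = Get-RegValue $LocalPath $Name }
    $value
}

$deny = Get-Effective 'fDenyTSConnections' $local    # 1 = RDP connections refused
$nla  = Get-Effective 'UserAuthentication' $rdpTcp   # 1 = NLA required
$port = Get-RegValue $rdpTcp 'PortNumber'            # listener port, normally 3389
if ($null -eq $port) { $port = 3389 }

# Assumption: English-language netstat output ("LISTENING").
$listening = [bool](netstat -an | Select-String -Pattern ":$port\s.*LISTENING")

$findings = @()
if ($deny -eq 1) {
    $findings += 'OK      RDP connections are disabled.'
} else {
    $findings += 'REVIEW  RDP is enabled; disable it if this host does not need it.'
    if ($nla -eq 1) {
        $findings += 'OK      Network Level Authentication is required.'
    } else {
        $findings += 'FIX     Network Level Authentication is not required.'
    }
}
if ($listening) {
    $findings += "REVIEW  A service is listening on TCP $port; block or restrict it at the firewall."
} else {
    $findings += "OK      Nothing is listening on TCP $port."
}
$findings
```

The script only reports on configuration; it does not check whether the May 14, 2019 fixes are installed, so patch status still has to be confirmed separately.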

Editor's note: The Cybersecurity and Infrastructure Security Agency (CISA) has confirmed it has used BlueKeep to remotely run code on a Windows 2000 computer. As of this writing, Windows 2000 is not included in the Microsoft advisory for BlueKeep.

Quote of the Day

 
"If issuing patches for unsupported systems wasn't enough evidence that users should take notice of BlueKeep, Microsoft published a second alert urging users to take action." - Michael Heller

Learning Center

 

NSA issues BlueKeep warning as new PoC exploit demos
A security researcher demoed a proof-of-concept BlueKeep exploit that could lead to a full system takeover on the same day that the NSA issued a rare warning for users to patch against the flaw.

Microsoft issues second BlueKeep warning urging users to patch
Microsoft issued a second alert trying to push users to install the BlueKeep patch following the discovery of close to 1 million vulnerable systems and low patching rates.

'BlueKeep' Windows Remote Desktop flaw gets PoC exploits
The risks surrounding the recently patched Windows RDP flaw, called BlueKeep, continue to rise as security researchers create proof-of-concept exploits and see signs of scanning for vulnerable systems.

Stay informed about Microsoft security patches in 2019
Microsoft security patches challenge administrators every month to squash security risks, while still practicing caution against bad patches. Follow this guide for Patch Tuesday coverage with expert recommendations on which updates to address first and which might cause problems in the data center.

Microsoft plugs 4 zero-day exploits for June Patch Tuesday
June Patch Tuesday resolves 88 unique vulnerabilities, including four zero-days, but the BlueKeep Remote Desktop Protocol flaw revealed in May still concerns security experts due to its potential to cause damage similar to the WannaCry epidemic.

Quiz Yourself

 
To prevent a crippling worm attack, the Department of Homeland Security (DHS) urged that all users _______ application of the patch.
a. expedite
b. expediate


Stay in Touch

 
For feedback about any of our definitions or to suggest a new definition, please contact me at: mrouse@techtarget.com

This e-newsletter is published by the TechTarget network.