A rare vulnerability in remote desktop services, known as “BlueKeep” [CVE-2019-0708], was announced by Microsoft[1] and confirmed by security researchers[2].
This is considered “wormable” since it can be remotely exploited and requires no interaction by the user to cause a machine to be infected. These are the same factors that enabled the WannaCry malware to take advantage of the SMB EternalBlue vulnerability in order to spread quickly back in 2016.
Learn more about our data insights into BlueKeep[3].
Risks
- If exploited by an external attacker, this can lead to full system compromise, without requiring any form of authentication or user interaction (remote code execution).
- Affects Windows Server 2003, Windows Server 2008, Windows XP, and Windows 7.
- In an unusual step, Microsoft has provided fixes for operating systems that have long been in an unsupported status (“end-of-life”), namely Windows XP and Windows Server 2003.
Remediation
We recommend patching by installing Microsoft’s Security Updates[4] and no longer exposing that port externally, and then asking your third parties who have that port open to do the same.
Third Party Risk Management
To see if a company in your portfolio is affected, search for “CVE-2019-0708” within the Vulnerabilities filter in your Companies List.
Security Performance Management
- To see if your organization is affected, search for “CVE-2019-0708” within your Patching Cadence findings.
- To see if your organization is potentially affected, search for “MS RDP with screen capture” within your Open Port findings.