Daily Mirror (Sri Lanka)

Microsoft Windows administrators warned about ‘Bluekeep’

- BY CHATURANGA SAMARAWICKRAMA

The Sri Lanka Computer Emergency Readiness Team (SLCERT) had issued an advisory urging Microsoft Windows administrators and users to update their older Windows systems to protect against the ‘Bluekeep’ vulnerability.

The Bluekeep (CVE-2019-0708) vulnerability exists within the Remote Desktop Protocol (RDP) used by the Microsoft Windows operating systems.

Earlier, Microsoft had issued a security notice to its users to update their systems, as some older versions of Windows could be vulnerable to cyber-attacks. An attacker can exploit this vulnerability to perform remote code execution on an unprotected system.

Speaking to Daily Mirror yesterday, SLCERT Information Security Engineer Ravindu Meegasmulla said an advisory from Microsoft confirmed that an attacker can send modified and specifically crafted packets to one of the above operating systems that have RDP enabled.

The Bluekeep is considered a worm; exploiting this vulnerability on a system could propagate to other vulnerable systems and use the same pattern as the WannaCry malware, he said.

Bluekeep exists in Microsoft Windows operating systems (OSs) such as Windows 2000, Windows Vista, Windows XP, Windows 7, Windows Server 2003, Windows Server 2003 R2, Windows Server 2008 and Windows Server 2008 R2, including both 32- and 64-bit versions, as well as all Service Pack versions.

A cyber-attacker can exploit this vulnerability to take control of an affected system, he said. After entering a system through an RDP-enabled system, an attacker can send specially crafted packets to one of the above operating systems. After successfully sending the packets, the attacker would have the ability to perform a number of actions such as adding accounts with full user rights, viewing, changing or deleting data, or installing programmes. This exploit, which requires no user interaction, must occur before authentication to be successful.

The SLCERT advised users and administrators to review the Microsoft Security Advisory and the Microsoft Customer Guidance for CVE-2019-0708 and take appropriate mitigation measures as soon as possible.

They suggested installing the available patches and security updates released by the Microsoft Corporation to patch this vulnerability. They also suggested installing patches for the above-mentioned OSs that are no longer officially supported.

The SLCERT encourages users and administrators to test patches before installation. For OSs that do not have patches, or systems that cannot be patched, other mitigation steps can be used to help protect against Bluekeep.

The precautions include blocking TCP port 3389 at your firewalls, especially any perimeter firewalls exposed to the internet. This port is used by RDP, and blocking it will block attempts to establish a connection. Enable Network Level Authentication. This security improvement requires attackers to have valid credentials to perform remote code execution. Disable Remote Desktop Services if they are not required. Disabling unused and unnecessary services helps reduce exposure to security vulnerabilities overall and is a best practice even without the Bluekeep threat. Upgrade end-of-life (EOL) OSs.
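An administrator can check a single Windows host against these precautions with a read-only script such as the one below, an added example that is not part of the SLCERT or Microsoft advisory. It assumes Windows PowerShell and the standard Terminal Services registry locations, and it does not check patch level or the perimeter firewall.

```powershell
# Added example: read-only audit of the RDP precautions on the local host.
# Nothing is modified. Variable and function names are this example's own.
$ts  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdp = "$ts\WinStations\RDP-Tcp"
$gpo = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'

function Get-RegValue($Path, $Name) {
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($item) { $item.$Name } else { $null }
}

# A Group Policy value, when present, overrides the local setting.
function Get-EffectiveValue($Name, $LocalPath) {
    $policy = Get-RegValue $gpo $Name
    if ($null -ne $policy) { $policy } else { Get-RegValue $LocalPath $Name }
}

$deny = Get-EffectiveValue 'fDenyTSConnections' $ts    # 0 = RDP connections allowed
$nla  = Get-EffectiveValue 'UserAuthentication' $rdp   # 1 = NLA required
$port = Get-RegValue $rdp 'PortNumber'                 # 3389 unless changed
if ($null -eq $port) { $port = 3389 }

$svc       = Get-Service -Name TermService -ErrorAction SilentlyContinue
$svcStatus = 'not installed'
if ($svc) { $svcStatus = $svc.Status }

# Is anything on this host listening on the RDP port?
$listening = [bool](netstat -an | Select-String -Pattern ":$port\s+\S+\s+LISTENING")

$report = New-Object PSObject -Property @{
    OperatingSystem = (Get-WmiObject Win32_OperatingSystem).Caption
    RdpAllowed      = ($deny -eq 0)
    NlaRequired     = ($nla -eq 1)
    RdpPort         = $port
    PortListening   = $listening
    ServiceStatus   = $svcStatus
}
$report | Format-List

if ($report.RdpAllowed -and -not $report.NlaRequired) {
    Write-Warning 'RDP is enabled without Network Level Authentication.'
}
if ($report.RdpAllowed -and $report.PortListening) {
    Write-Warning "TCP port $port is listening; confirm it is blocked at the perimeter firewall."
}
if (-not $report.RdpAllowed -and $svcStatus -eq 'Running') {
    Write-Warning 'RDP is denied but the service is running; disable it if it is not required.'
}
```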
