The Australian Signals Directorate (ASD) has issued a warning stating that organizations using the older versions of Windows operating systems such as Windows Vista, Windows 7, Windows XP, Windows Server 2003, and Windows Server 2008 can fall victim to the BlueKeep vulnerability known as CVE-2019-0708.
Although the issue was first discovered in May, it was recently brought to light when a security researcher under the Twitter handle @zerosum0x0 revealed his Remote Desktop Protocol (RDP) exploit for the BlueKeep vulnerability to Metasploit, a penetration testing product that helps security teams assess the vulnerabilities in a network.
The ASD has urged all organizations that are running older versions of Windows to install the patch for the BlueKeep vulnerability (CVE-2019-0708). Businesses are also urged to avoid connecting to the Remote Desktop Protocol directly from the internet or, if that is absolutely necessary, to use a VPN, SSL tunnel, RDP gateway, or Network Level Authentication (NLA).
Although there have so far been no confirmed attacks in the wild due to this vulnerability, it has the potential to cause a great deal of harm due to its ability to self-replicate, similar to EternalBlue, which caused the WannaCry, NotPetya, and Bad Rabbit outbreaks in 2017.
This vulnerability does not require users to click on or download any link to be affected, since it propagates from one vulnerable system to another. This makes it all the more necessary for organizations to apply the recommended patch to every applicable device in the network immediately.
According to the head of ASD’s Australian Cyber Security Centre (ACSC), Rachel Noble, around 50,000 devices in organizations across Australia could be at risk. The ACSC has also informed the government bodies in Australia and requested that they install the patch to avoid compromising any sensitive information.
Even though the government of Australia has taken steps to formally notify the businesses in its region, home users who are running older versions of the Windows OS are also at risk. This is why it's important to apply the patch and follow the recommended practices mentioned above.