How to Check if Your System is Vulnerable to the BlueKeep RDP Flaw
As reported by ZDNet, there’s recently been activity around the BlueKeep vulnerability (CVE-2019-0708). The jury is still out on who is behind it, but someone has been doing heavy scanning for the flaw from behind a Tor node. Most in the infosec community agree that this is probably the precursor to a larger attack or a series of attacks.
Already, several in the cybersecurity community have confirmed that they’ve developed exploits for the BlueKeep vulnerability, though none have deigned to publish any code just yet. Meanwhile, Microsoft itself released a patch for the vulnerability on May 14, with the ominous title of Prevent a worm by updating Remote Desktop Services. If you’ve already applied that patch, you’re probably in the clear.
I still highly recommend you download and install this tool created by RiskSense’s Sean Dillon. It will allow you to quickly scan your device fleet for any systems that haven’t been properly patched against the flaw. You can also apply the following micro-patch to help safeguard your systems against attack until you can apply the full update.
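As an added example (my own, not the article’s and not RiskSense’s scanner), here is a read-only PowerShell check you can run on a single Windows host to see whether it falls in the population BlueKeep affects, whether Remote Desktop is reachable, whether Network Level Authentication is required, and whether the May 14 update is installed. It assumes PowerShell 3 or later, and the KB list is a placeholder you fill in from Microsoft’s advisory for your OS.

```powershell
# Added example, not from the article or from RiskSense's tool.
# Local, read-only exposure check for BlueKeep (CVE-2019-0708).

# PLACEHOLDER: replace with the KB numbers Microsoft lists for your OS in the
# May 14 2019 advisory "Prevent a worm by updating Remote Desktop Services".
$BlueKeepKBs = @('KBxxxxxxx')

function Test-BlueKeepExposure {
    $os  = Get-CimInstance Win32_OperatingSystem
    $ver = [version]$os.Version
    # Affected OS families: XP/2003 (5.x), Vista/2008 (6.0), 7/2008 R2 (6.1).
    # Windows 8/8.1/10 and Server 2012 and later (6.2+) are not affected.
    $affectedFamily = $ver -lt [version]'6.2'

    $tsKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    $rdpKey = "$tsKey\WinStations\RDP-Tcp"
    # fDenyTSConnections = 1 means Remote Desktop is disabled on this host.
    $rdpEnabled = (Get-ItemProperty $tsKey).fDenyTSConnections -eq 0
    # UserAuthentication = 1 means NLA is required, so an unauthenticated
    # client never reaches the vulnerable pre-auth code path (partial mitigation).
    $nlaRequired = (Get-ItemProperty $rdpKey).UserAuthentication -eq 1
    $rdpPort     = (Get-ItemProperty $rdpKey).PortNumber

    # Compare installed hotfixes against the (placeholder) patch list.
    $installed = Get-HotFix | Select-Object -ExpandProperty HotFixID
    $patched   = ($BlueKeepKBs | Where-Object { $installed -contains $_ }).Count -gt 0

    $unpatched = $affectedFamily -and -not $patched
    [pscustomobject]@{
        ComputerName          = $env:COMPUTERNAME
        OSVersion             = $os.Version
        AffectedFamily        = $affectedFamily
        RdpEnabled            = $rdpEnabled
        RdpPort               = $rdpPort
        NlaRequired           = $nlaRequired
        PatchInstalled        = $patched
        # Still needs the update even if NLA blunts unauthenticated attacks.
        NeedsPatch            = $unpatched
        # Worst case: reachable RDP, no patch, no NLA.
        ExposedUnauthenticated = $unpatched -and $rdpEnabled -and -not $nlaRequired
    }
}

Test-BlueKeepExposure | Format-List
```

Run it elevated on each host (or via remoting) and act on any result where NeedsPatch is True; treat NLA as a stopgap, not a substitute for the update.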
Just like EternalBlue before it, BlueKeep is a vulnerability that’s been around for a while, even if it was only recently patched. It’s just another reminder that, in spite of how much the media likes to cover sophisticated cyberattacks perpetrated by black hat organizations, the vast majority of successful attacks are the result of simple, easily addressable exploits. They’re the result of hackers counting on businesses falling behind on security patches.
“Cybercriminals seek vulnerabilities that provide a huge yield, no matter how old they are … Typically, cybercriminals don’t develop the malicious code from scratch, but adapt it from demos that validate the finding or take it from penetration testing tools such as Metasploit,” reads a post on the Bitdefender blog. “Hackers are not particularly interested in new and original methods to compromise a device. They will walk a beaten path for as long as they can get a benefit, no matter how small it is.”
There is no doubt in my mind that BlueKeep will be the source of another major ransomware epidemic in the very near future. The most you can do is patch your own systems to ensure you aren’t caught up in it.
A pessimistic outlook, perhaps. But given how widespread WannaCry was, it seems a depressingly accurate one as well.