Background

First discovered in May 2019, BlueKeep is a potentially serious vulnerability in the Microsoft Remote Desktop Protocol (RDP). It could allow attackers to send specially crafted traffic to Windows servers and gain sufficient access to run their own code, create user accounts and access data. Organisations such as the American NSA, the Australian Cyber Security Centre and the UK National Cyber Security Centre have issued warnings to companies to make sure servers are patched.

Microsoft Response

In an unusual step, Microsoft has patched not only all the current versions of Windows which run RDP, but also unsupported versions including Windows XP and Server 2003. This action underlines the importance of patching servers against exploitation by attackers using this vulnerability. Microsoft have likened this vulnerability to the WannaCry outbreak which hit the headlines last year when the NHS were widely infected.

Mitigation

As well as making sure that servers are patched, the best advice is not to have remote desktop servers exposed to the internet at all. In recent years Westcom has worked with customers to ensure that servers are only accessible via a VPN, adding a further level of security for remote users. In addition, two-factor authentication, like that used for online banking, can be used to further secure access.
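One way to check the "RDP only via VPN" rule against a firewall policy, as an added example that is not Westcom's or Microsoft's code: it flags allow rules that admit RDP's default port 3389 from any source outside the VPN ranges. The rule format, rule names and the 10.8.0.0/24 VPN range are constructed assumptions, and rule ordering is not modelled.

```python
import ipaddress

RDP_PORT = 3389  # default RDP listener port (TCP, and UDP on newer versions)

# Constructed sample rules in a simplified, hypothetical export format:
# (name, action, protocol, source CIDR, destination port spec)
SAMPLE_RULES = [
    ("rdp-from-vpn", "allow", "tcp", "10.8.0.0/24", "3389"),
    ("rdp-from-anywhere", "allow", "tcp", "0.0.0.0/0", "3389"),
    ("mgmt-range", "allow", "tcp", "203.0.113.0/24", "3000-4000"),
    ("web", "allow", "tcp", "0.0.0.0/0", "80,443"),
    ("rdp-udp-office", "allow", "udp", "10.8.0.128/25", "3389"),
    ("block-rdp", "deny", "tcp", "0.0.0.0/0", "3389"),
]

def covers_port(spec, port):
    """True if a port spec such as '80,443', '3000-4000' or 'any' includes port."""
    for part in spec.split(","):
        part = part.strip().lower()
        if part in ("any", "*"):
            return True
        low, _, high = part.partition("-")
        if int(low) <= port <= int(high or low):
            return True
    return False

def exposed_rdp_rules(rules, vpn_cidrs):
    """Return names of allow rules that admit RDP from outside the VPN ranges.

    Deny rules and first-match ordering are ignored, so treat each finding
    as a rule to review rather than as proof of exposure.
    """
    vpn_nets = [ipaddress.ip_network(c) for c in vpn_cidrs]
    findings = []
    for name, action, proto, source, ports in rules:
        if action != "allow" or proto not in ("tcp", "udp", "any"):
            continue
        if not covers_port(ports, RDP_PORT):
            continue
        src = ipaddress.ip_network(source, strict=False)
        # A source is acceptable only if it lies wholly inside a VPN range.
        if not any(src.version == n.version and src.subnet_of(n) for n in vpn_nets):
            findings.append(name)
    return findings

if __name__ == "__main__":
    for rule in exposed_rdp_rules(SAMPLE_RULES, ["10.8.0.0/24"]):
        print("RDP reachable from outside the VPN:", rule)
```

The wide port range in the constructed `mgmt-range` rule is flagged as well as the obvious any-source rule, which is the kind of exposure a search for "3389" alone would miss.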

As many in the information security community say, attacks such as these don’t get worse, they only get better. Protecting your network with a comprehensive firewall solution which is managed and tested, along with regular patching of servers, really is the best solution. Speak with Westcom to find out how we can help review your current security set-up and how it can be improved.

 

 
