On May 14th, Microsoft released a patch for CVE-2019-0708, a serious flaw in Remote Desktop (RDP) that allows an outsider to gain full access to a Windows machine without any authentication by sending malformed packets to a listening RDP server. This vulnerability has recently been dubbed “BlueKeep.” It has been rumored that an active exploit may be for sale on the dark web. The flaw has also been described as “wormable,” meaning it can spread from machine to machine without user interaction, so we could see an outbreak on a similar level to WannaCry in the very near future. This is a matter of utmost importance to the safety of our networks!
All Microsoft Windows machines should apply their security fixes from Windows Update as soon as possible, especially if Remote Desktop is enabled. This means servers, workstations, and IoT devices running Windows. Microsoft has even released a fix, KB4500705, for older Windows versions that have reached end of life (EOL), such as XP and Server 2003.
If patches cannot be applied in a timely fashion, it is recommended that RDP be disabled until the patch can be applied.
As always, SecuLore recommends that any RDP servers be used internal to networks only; that is, never open TCP 3389 to the Internet without first whitelisting the intended outside hosts. RDP has a long history of serious vulnerabilities and this latest one is among the worst. Using a VPN for remote access into a trusted network, and only then using other remote access methods such as RDP, is a good strategy.
SecuLore Support Team
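The following PowerShell script is an added example, not code from SecuLore or Microsoft. It turns the advisory's three recommendations into checks and actions a Windows administrator can run: confirm whether RDP is enabled and listening, confirm whether a CVE-2019-0708 fix is installed, disable RDP outright if the patch cannot be applied yet, and restrict inbound TCP 3389 to an allow list of management or VPN addresses. KB4500705 is the XP/Server 2003 fix named above; the KB for a supported OS and the allowed address range are placeholders to be replaced with your own values. It assumes an elevated session on Windows 8/Server 2012 or later (for the NetSecurity and NetTCPIP cmdlets).

```powershell
# Added example (not SecuLore's code): defender-side checks and hardening for
# the RDP exposure described in the advisory. Run from an elevated PowerShell.
# Everything except KB4500705 (XP / Server 2003 fix) is a placeholder.

$tsKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'

function Get-RdpStatus {
    # fDenyTSConnections = 0 means Remote Desktop connections are allowed.
    $deny = (Get-ItemProperty -Path $tsKey -Name fDenyTSConnections -ErrorAction SilentlyContinue).fDenyTSConnections
    # Is anything actually bound to TCP 3389 right now?
    $listening = Get-NetTCPConnection -LocalPort 3389 -State Listen -ErrorAction SilentlyContinue
    [pscustomobject]@{
        RdpEnabled      = ($deny -eq 0)
        ListeningOn3389 = [bool]$listening
    }
}

function Test-BlueKeepPatch {
    param(
        # KB4500705 applies to XP / Server 2003 (from the advisory). For a
        # supported OS, look up the CVE-2019-0708 KB for that version and
        # replace the placeholder; it is not a real identifier.
        [string[]]$KbIds = @('KB4500705', 'KB<your-OS-specific-KB>')
    )
    $installed = Get-HotFix -ErrorAction SilentlyContinue | Select-Object -ExpandProperty HotFixID
    foreach ($kb in $KbIds) {
        if ($installed -contains $kb) { return $true }
    }
    return $false
}

function Disable-Rdp {
    # Advisory step: if you cannot patch now, turn RDP off until you can.
    Set-ItemProperty -Path $tsKey -Name fDenyTSConnections -Value 1
    Disable-NetFirewallRule -DisplayGroup 'Remote Desktop' -ErrorAction SilentlyContinue
}

function Limit-RdpSources {
    param(
        # Assumed management / VPN range; replace with your own.
        [string[]]$AllowedRemote = @('10.10.0.0/16')
    )
    # The built-in "Remote Desktop" rules accept any source, so disable them
    # and add a rule scoped to the allow list instead. Windows Firewall gives
    # Block rules precedence over Allow rules, so do NOT add an explicit
    # block-all rule; rely on the profile's default inbound action instead.
    Disable-NetFirewallRule -DisplayGroup 'Remote Desktop' -ErrorAction SilentlyContinue
    New-NetFirewallRule -DisplayName 'RDP - allow-listed sources only' `
        -Direction Inbound -Protocol TCP -LocalPort 3389 `
        -RemoteAddress $AllowedRemote -Action Allow -Profile Any | Out-Null
    Set-NetFirewallProfile -Profile Domain, Private, Public -DefaultInboundAction Block
}

# Triage run: report, then warn when the dangerous combination is present.
$status = Get-RdpStatus
$status | Format-List
if ($status.RdpEnabled -and -not (Test-BlueKeepPatch)) {
    Write-Warning 'RDP is enabled and no CVE-2019-0708 fix was found: patch now, or run Disable-Rdp until you can.'
}
```

Run the triage section on its own first; call `Limit-RdpSources` only after confirming the allow list covers the VPN or jump-host addresses you actually administer from, since the rule replaces the permissive built-in Remote Desktop rules.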