BlueKeep is a significant vulnerability that was discovered some months ago. After that there have been security updates that don’t really help much. Windows users are still looking for a patch to cure themselves of what has come to be known as BlueKeep.
The Vulnerability Known as BlueKeep:
CVE-2019-0708 vulnerability or more commonly known as BlueKeep was first noticed in May of this year. The threat allows attackers to take advantage of Remote Desktop Protocol Services or RDP for short to issue commands. These commands could be used to steal, modify or other wise install malware on your computer.
BlueKeep has been serious enough for Microsoft to issue a warning to users telling them to install patches as and when they come through. Besides this, USA’s National Security Agency or the NSA has also advised users to safeguard themselves from BlueKeep by patching up against it.
Similar to Something?
BlueKeep has similar worm like spreading traits, similar to one other vulnerability known as EternalBlue. EternalBlue was a leaked hacking tool of the NSA that powered the WannaCry ransomware back in 2017.
BlueKeep is so severe that it affects older versions of Windows too. This would include Windows XP, Windows Server 2003, Windows 7 and Windows Server 2008.
Its severity is compounded by the fact that Microsoft is even issuing patches for earlier versions of Windows, which normally wouldn’t get any support.
At present there has not been any reported cases of BlueKeep being taken advantage of by hackers. But researchers at Sophos have reversed engineered the vulnerability, to demonstrate how attackers could get into someone’s computer. The attackers could get into the system using RDP systems and that too without any input required from the user.
What Can Hackers Do?
If an attacker were to take advantage of a system vulnerability that is BlueKeep, they can then issue destructive commands, thus affecting your PC. If hackers were to do this, millions of Windows PCs would be at risk.
Researchers have even demonstrated how by using a Windows 7 virtual PC they were able to use BlueKeep to alter the accessibility menu on Windows to get through security or bypass it and gain access to an individual’s desktop. From here its anyone’s guess. But guess more on the lines of something nefarious.
If you can’t think of anything, then here are some few examples. These exploits could be used to install everything from a Trojan horse to stealthy attacks, to wiping entire networks or even deploying ransomware.
An attack of this sort comes under a “spray and pray” technique where by the hackers are not concerned with whom their targeting. The idea is to target as many PCs as possible. Researchers at present have not disclosed their proof of technique for fear of it being used by malicious actors.
What is Recommended to keep BlueKeep Vulnerabilities at Bay?
As mentioned earlier the most critical advice is to get patches installed as and when they come through. But other than that, you could always disconnect the RDP where it is not really required and use a VPN instead.