On May 14th 2019, Microsoft released a patch for the vulnerability called BlueKeep. This vulnerability, identified by CVE 2019 -0708 can affect RDP on computers running Windows operating system.
How dangerous is BlueKeep?
- BlueKeep can affect millions of computers worldwide
- The affected computers are vulnerable to remote code execution
- Finally, this vulnerability can be weaponized to be wormable, enabling it to self propagate and spread quickly, similar to Wanna Cry.
What is RDP?
Remote Desktop Protocol or RDP service helps users to connect to remote Windows machines. RDP uses TCP 3389, to enable connection between a client and server using bidirectional virtual channels.
What if an attacker exploits BlueKeep vulnerability?
Once the BlueKeep vulnerability has been exploited, an attacker can use malicious methods to gain access to USE-AFTER-FREE vulnerability. This lets the attacker to execute arbitrary code with Kernel level privileges.
What can you do to stay safe?
- Apply the latest Microsoft Windows patch as soon as possible
- Disable RDP on non sensitive systems
- Monitor incoming RDP connections that attempt to bind a custom channel named MS_T120
Watch the below video by Kali Pentesting to see the BlueKeep vulnerability exploitation in action and to learn ways to block it.
The below video by McAfee explains what BlueKeep vulnerability is in detail.
BlueKeep is highly severe and it is really important to update your Windows based personal computer or server to avoid an attack.