Microsoft is again urging users who are running older versions of Windows to patch their systems against a critical Remote Code Execution vulnerability (CVE-2019-0708) in Remote Desktop Services. Otherwise known as BlueKeep, it’s a “wormable” vulnerability that attackers could leverage to spread malware like WannaCry. The bug does not affect Windows 8 and Windows 10, but XP and 7 users (as well as server editions) really ought to update.
A remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests. This vulnerability is pre-authentication and requires no user interaction. An attacker who successfully exploited this vulnerability could execute arbitrary code on the target system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
To exploit this vulnerability, an attacker would need to send a specially crafted request to the target system's Remote Desktop Service via RDP.
The update addresses the vulnerability by correcting how Remote Desktop Services handles connection requests.
Microsoft wanted to remind users of the bug this week because it thinks an attack is likely, and there are still a ton of machines that haven’t updated. Needless to say, corporate environments could be at significant risk.
Microsoft is confident that an exploit exists for this vulnerability, and if recent reports are accurate, nearly one million computers connected directly to the internet are still vulnerable to CVE-2019-0708. Many more within corporate networks may also be vulnerable. It only takes one vulnerable computer connected to the internet to provide a potential gateway into these corporate networks, where advanced malware could spread, infecting computers across the enterprise. This scenario could be even worse for those who have not kept their internal systems updated with the latest fixes, as any future malware may also attempt further exploitation of vulnerabilities that have already been fixed.