The Australian Signals Directorate's (ASD) Australian Cyber Security Centre (ACSC) released a warning late Monday urging Australian businesses running older Windows systems to install the patch for the BlueKeep vulnerability, tracked as CVE-2019-0708, before it is exploited.
"A security researcher under the Twitter handle @zerosum0x0 has recently disclosed his Remote Desktop Protocol (RDP) exploit for the BlueKeep vulnerability to Metasploit," ACSC said in the alert.
"The disclosure, once made available to the public, is anticipated to increase the amount of RDP scanning activity, increasing the chances of attempted exploitation of unpatched systems."
Head of ACSC Rachel Noble believes that up to 50,000 devices could be affected in Australia, including some owned by the government and critical infrastructure operators.
The vulnerability affects computers running Windows XP, Windows Vista, Windows 7, Windows Server 2003 and Windows Server 2008 (including 2008 R2). Windows 8 and later, and Windows Server 2012 and later, are not affected.
"In simple terms, an unpatched system gives criminals a front door to break into your network and steal your corporate and customer information," she said.
"Patching may require you to restart your computers but this is a small price to pay when the risk of a compromise occurring could harm your business and its customers."
A patch for CVE-2019-0708 is available for download from Microsoft, including for Windows XP and Server 2003, which are otherwise out of support.
The vulnerability was first reported in May. It sits in the Remote Desktop Protocol (RDP) service and is triggered before any authentication takes place, so an attacker who can reach the RDP port can run code on the system without valid credentials, and from there steal or modify data, install malware and conduct other malicious activities.
The vulnerability is considered dangerous enough that Microsoft has repeatedly told users to apply the patches and even the National Security Agency (NSA) issued a public warning to patch against BlueKeep.
Like EternalBlue, the leaked NSA exploit that powered the global WannaCry ransomware outbreak in 2017, the vulnerability is wormable: exploitation needs no user interaction, so malware using it could spread from one unpatched machine to the next on its own.
While there have been no signs of BlueKeep being widely exploited, security researchers at Sophos reverse engineered the Microsoft patch and developed a proof of concept showing how attackers could attack RDP systems without requiring any input from the victim.
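The triage check a Windows administrator would want after reading the above, as an added example that is not code from the ACSC alert, Microsoft or any of the researchers named here: run on a host, it reports whether the OS version is in the affected set, whether RDP is enabled and actually listening, whether Network Level Authentication (NLA) is required, and whether one of the May 2019 fixes shows up in the installed-hotfix list. The KB numbers in `$PatchKBs` are the author's recollection, not taken from this page, and must be verified against Microsoft's advisory for CVE-2019-0708 before relying on the output. The registry value names and the treatment of NLA as a partial mitigation (it blocks unauthenticated attackers, not attackers who hold valid credentials) are assumptions from the author's own experience.

```powershell
# Added example: local CVE-2019-0708 (BlueKeep) exposure triage. Not from the ACSC alert or Microsoft.
# Run as Administrator. Written for PowerShell 2.0 so it also runs on Windows 7 / Server 2008.

# ASSUMPTION: these KB IDs are recalled, not taken from the article. Verify against Microsoft's advisory.
$PatchKBs = @(
    'KB4499175',  # assumed: Windows 7 SP1 / Server 2008 R2 SP1 security-only update
    'KB4499164',  # assumed: Windows 7 SP1 / Server 2008 R2 SP1 monthly rollup
    'KB4499180',  # assumed: Windows Server 2008 SP2 security-only update
    'KB4499149',  # assumed: Windows Server 2008 SP2 monthly rollup
    'KB4500331'   # assumed: Windows XP / Server 2003 / Vista out-of-band update
)

$tsKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdpKey = "$tsKey\WinStations\RDP-Tcp"

function Get-RegValue($Path, $Name) {
    # Returns $null when the key or value is missing instead of throwing.
    try { (Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop).$Name } catch { $null }
}

# Get-WmiObject rather than Get-CimInstance: the latter needs PowerShell 3.0, absent on the affected OS versions.
$os  = Get-WmiObject -Class Win32_OperatingSystem
$ver = [Version]$os.Version

# Affected kernels: XP 5.1, Server 2003 5.2, Vista/Server 2008 6.0, Windows 7/Server 2008 R2 6.1.
# Windows 8 (6.2) and later are not affected.
$affectedOs = ($ver.Major -lt 6) -or ($ver.Major -eq 6 -and $ver.Minor -le 1)

# fDenyTSConnections = 1 disables Remote Desktop; UserAuthentication = 1 requires NLA before the session starts.
$rdpEnabled  = (Get-RegValue $tsKey  'fDenyTSConnections') -eq 0
$nlaRequired = (Get-RegValue $rdpKey 'UserAuthentication') -eq 1
$rdpPort     = Get-RegValue $rdpKey 'PortNumber'
if (-not $rdpPort) { $rdpPort = 3389 }

# Confirm something is really listening on the RDP port. netstat is parsed because
# Get-NetTCPConnection does not exist on Windows 7 and older.
$listening = [bool](netstat -ano | Select-String -Pattern "^\s*TCP\s+\S+:$rdpPort\s+\S+\s+LISTENING")

# Get-HotFix lists installed updates by KB ID. A later cumulative rollup that supersedes these
# fixes may carry a different KB, so an empty list is "not proven patched", not "proven unpatched".
$installed = @(Get-HotFix | Where-Object { $PatchKBs -contains $_.HotFixID } | ForEach-Object { $_.HotFixID })

if (-not $affectedOs) {
    $verdict = "Not affected: OS version $ver is Windows 8 / Server 2012 or later"
} elseif ($installed.Count -gt 0) {
    $verdict = "Patched: found " + ($installed -join ', ')
} elseif (-not $rdpEnabled -or -not $listening) {
    $verdict = "No fix found, but RDP is not reachable on port $rdpPort. Patch anyway: a future config change re-exposes it"
} elseif ($nlaRequired) {
    $verdict = "No fix found and RDP is exposed on port $rdpPort. NLA is on, which blocks unauthenticated attackers only. Patch urgently"
} else {
    $verdict = "UNPATCHED AND EXPOSED on port $rdpPort with no NLA: pre-authentication remote code execution is possible. Patch immediately"
}

New-Object PSObject -Property @{
    ComputerName = $env:COMPUTERNAME
    OSCaption    = $os.Caption
    OSVersion    = $ver.ToString()
    AffectedOS   = $affectedOs
    RDPEnabled   = $rdpEnabled
    RDPListening = $listening
    RDPPort      = $rdpPort
    NLARequired  = $nlaRequired
    FixesFound   = ($installed -join ', ')
    Verdict      = $verdict
} | Select-Object ComputerName, OSCaption, OSVersion, AffectedOS, RDPEnabled, RDPListening, RDPPort, NLARequired, FixesFound, Verdict
```

Run it on each host, or wrap it in `Invoke-Command` against a list of machines, and feed the `Verdict` column into the patching queue. Treat "No fix found" as a prompt to check the actual installed rollup against Microsoft's advisory rather than as proof the host is vulnerable, and treat "Not affected" as applying to BlueKeep only: RDP exposed to the internet on any Windows version still deserves a VPN or gateway in front of it.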
- US cybersecurity firm selling weaponized BlueKeep exploit
- Reverse engineering of BlueKeep patch reveals how dangerous it is
- Google researchers disclose vulnerabilities for 'interactionless' iOS attacks
- A single actor is scanning Windows systems vulnerable to the BlueKeep flaw
- Intense scanning activity detected for BlueKeep RDP flaw