Bluekeep: The latest security threat

For the past few weeks, security professionals have been getting louder about the latest security threat for Windows users. A recently patched Windows vulnerability called Bluekeep (CVE-2019-0708) has the potential to trigger attacks not seen since WannaCry, which cost roughly $4 billion worldwide.

More people are taking this seriously now after a researcher at security firm RiskSense released a step-by-step video. It shows that the threat is real and just how damaging it could be. They quickly gained access to machines with full system privileges, and also accessed cryptographic hashes of passwords for computers on the same network.

Why is Bluekeep dangerous?

Bluekeep can infect unpatched Windows computers over Remote Desktop Services. Systems from Windows 2008 R2 and back are especially vulnerable. According to recent reports, they make up almost one million computers worldwide.

Last Friday, members of the Microsoft Security Response Team begged organisations that hadn’t patched vulnerable machines to do so without delay. “It only takes one vulnerable computer connected to the Internet to provide a gateway into corporate networks, where advanced malware could spread, infecting computers across the enterprise,” MSRC members wrote. In a rare move, officials with the National Security Agency echoed Microsoft’s warning.

Arstechnica.com – Warnings of worldwide worm attacks are the real deal, new exploit shows

So why aren’t organisations protecting themselves?

In the case of WannaCry, systems were left unprotected months after patches were released, even after extensive news coverage and threat warnings. We don’t think the response to this threat will be any different.

There are many reasons why organisations leave computers and systems unpatched. In many cases, such as around-the-clock tasks or mission-critical environments, older versions of Windows are in use and downtime is either expensive or impossible (as in manufacturing or medical environments).

How can you protect against Bluekeep?

You are at risk if you are running unpatched versions of Windows 2003 and XP. Bluekeep also affects Windows 7, Windows Server 2008 R2, and Windows Server 2008. It doesn’t affect later versions of Windows.

The full method of patching your systems properly can be found in Microsoft’s guide.

But what if you can’t patch your systems for the reasons we have mentioned? Or what if you can’t patch them as fast as you would like/need to?

Trend Micro Deep Security

We are already protecting our customers with Trend Micro Deep Security. This is a security solution that acts as a fence around your systems to defend against these types of weaknesses.

Deep Security comprises a security management component and a small-footprint agent. The agent sits on each server (or in your Cloud solution). The manager holds a database of vulnerability signatures, which it communicates to each agent. The agent monitors traffic at the network level and scans for known vulnerability signatures. When it finds a match, it either reports the incident or blocks the traffic.

How Support Revolution customers are protected

As Trend Micro Deep Security is a rule-based system, it publishes new rules regularly. A console downloads these rules with a ‘threat level,’ and the customer then chooses which updates to apply and when. The deployment of new rules has minimum impact on the production systems. This means the time between identifying a vulnerability and being protected against it is just hours.

Trend Micro Deep Security has already released a rule update (1009749, released on 16 May 2019). It enables detection of, and protection against, attackers attempting to use this exploit. We have already deployed this onto the systems that we manage.

We are already protecting all of our customers against this exploit. They don’t need to spend any time or money patching their systems manually.

Learn more about how we protect our customers

As we’ve mentioned, we already protect our customers against this vulnerability with our modern patching and security methods. You can learn more about how we protect our customers by reading our guide on the subject.
