HomeNewsCompanyMicrosoft’s BlueKeep Flaw Detected

Microsoft’s BlueKeep Flaw Detected


Last Updated on 19/09/2019 by TDH Publishing (A)

Australia’s cybersecurity agency recently alerted for urgent Microsoft updates to be implemented after the first public release of the ‘BlueKeep’ flaw. The Australian Cyber Security Centre (ACSC) issued a warning to IT managers regarding update security on old Windows systems, as well as installing a ‘BlueKeep’ vulnerability patch released by Microsoft last month.

Image result for Windows BlueKeep Flaw

The BlueKeep exploit was released publicly by cyber-security firm Rapid7 on 6 September utilizing an open-source Metasploit framework. The vulnerability, also known as CVE-2019-0708, targets the Remote Desktop Protocol (RDP) service in OS like Windows XP, Windows 2003, Windows 7, Windows Server 2008 and Windows Server 2008 R2.

Microsoft earlier reported that the vulnerability is ‘wormable‘, meaning malware exploiting the vulnerability can spread between equally vulnerable computers. “Australian businesses and users of older versions of Windows should update their systems as soon as practically possible before hackers further refine their tools and trade-craft to fully utilise this exploit,” said the agency.

As such, the ACSC advised the users to deny access to Remote Desktop Protocols (RDP) directly from the internet, or use a Virtual Private Network (VPN) instead, with multi-factor authentication if RDPs are needed, regardless of the version of Windows in use. The ACSC, which works under the Australian Signals Directorate, first warned about the BlueKeep flaw in June, notifying the government and critical infrastructure partners of the potential for significant, widespread harm around the world.

Related image

The agency said that, if left unpatched, actors can move laterally across a network if the vulnerability is exploited. In August, the body issued another warning that claimed up to up to 50,000 systems of Australian entities could be affected. “Any organisation or business that relies on the older Microsoft systems is at risk,” Rachel Noble, ACSC head said at the time. “The compromise of an unpatched system could increase the chance that your network could be exploited.”

James J
James J
James has been writing about tech since 2009 after spending 25 years in a computer research lab studying computers. He watches Netflix, especially sci-fi with his pet lie enjoying chips.
- Advertisment -

Must Read

Data Science Drives Personalized Marketing and Customer Engagement to New Heights...

Personalized marketing and customer engagement are crucial for businesses to thrive in the current digital era. Because data science makes it possible for marketers...