Australia’s cybersecurity agency recently urged that Microsoft updates be applied urgently after the first public release of the ‘BlueKeep’ exploit. The Australian Cyber Security Centre (ACSC) issued a warning to IT managers to update security on old Windows systems and to install the ‘BlueKeep’ vulnerability patch released by Microsoft last month.
The BlueKeep exploit was released publicly by cyber-security firm Rapid7 on 6 September, using the open-source Metasploit framework. The vulnerability, also known as CVE-2019-0708, affects the Remote Desktop Protocol (RDP) service in operating systems such as Windows XP, Windows 2003, Windows 7, Windows Server 2008 and Windows Server 2008 R2.
Microsoft earlier reported that the vulnerability is ‘wormable’, meaning malware exploiting the vulnerability can spread between equally vulnerable computers. “Australian businesses and users of older versions of Windows should update their systems as soon as practically possible before hackers further refine their tools and trade-craft to fully utilise this exploit,” said the agency.
As such, the ACSC advised users to deny access to the Remote Desktop Protocol (RDP) directly from the internet or, if RDP is needed, to use a Virtual Private Network (VPN) with multi-factor authentication instead, regardless of the version of Windows in use. The ACSC, which works under the Australian Signals Directorate, first warned about the BlueKeep flaw in June, notifying the government and critical infrastructure partners of the potential for significant, widespread harm around the world.
The agency said that, if systems are left unpatched, actors who exploit the vulnerability can move laterally across a network. In August, the body issued another warning that claimed up to 50,000 systems of Australian entities could be affected. “Any organisation or business that relies on the older Microsoft systems is at risk,” ACSC head Rachel Noble said at the time. “The compromise of an unpatched system could increase the chance that your network could be exploited.”