Thousands of devices at risk from BlueKeep exploit: ASD
The Australian Signals Directorate has issued a security alert warning of a potential exploitation of the major BlueKeep remote code execution vulnerability.
The agency has urged the thousands of Australian businesses still using older Windows operating systems to immediately install Microsoft’s Windows BlueKeep vulnerability patch to mitigate the threat.
“A security researcher under the Twitter handle @zerosum0x0 has recently disclosed his Remote Desktop Protocol (RDP) exploit for the BlueKeep vulnerability to Metasploit,” the ASD said in its threat advisory.
“The disclosure, once made available to the public, is anticipated to increase the amount of RDP scanning actively, increasing the chances of attempted exploitation of unpatched systems.”
Australian Cyber Security Centre head Rachel Noble estimated that up to 50,000 devices owned by Australian organisations could be affected.
The BlueKeep remote code execution vulnerability affects older versions of Windows including Windows Vista, Windows 7, Windows XP, Server 2003 and Server 2008. It is characterised by the ability to propagate through vulnerable systems with no user interaction at all.
In an indication of the severity of the threat, Microsoft took the unusual step of issuing BlueKeep patches for out-of-support operating systems in the wake of the discovery.
As well as immediately patching affected operating systems, the ASD is urging organisations and individuals using any version of Windows to deny access to remote desktop protocols directly from the internet. If these protocols are required, they should be used through a VPN with multifactor authentication.
The ASD has also previously advised organisations to limit internal network remote desktop protocols with appropriate internal network segmentation, and by denying standard workstations from arbitrarily connecting to servers or workstations over these or any other unnecessary protocols.
Please follow us and share on Twitter and Facebook. You can also subscribe for FREE to our weekly newsletter and quarterly magazine.
Information Technology Professionals Association (ITPA) is a not-for-profit organisation focused on continual professional development for its 18,700 members. To learn more about becoming an ITPA member, and the range of training opportunities, mentoring programs, events and online forums available, go to www.itpa.org.au.
Measuring inefficiency
With a view to improving my 'leanness' and stop myself working so many extra hours, I...
Cybersecurity advice in the wake of Ukraine
In light of the current situation in Ukraine, the ACSC is urging all Australian organisations to...
Why major IT changes can wait
Attempting major IT changes late in the day — or week — can be a recipe for disaster.