Security Technology Reminder: Microsoft Operating System BlueKeep

Microsoft Operating System BlueKeep

Home

News & Articles

Recent Post

The Impact Of Vulnerability:

1.  Affected Operating System Windows.

2. Remote attackers can gain control of vulnerable systems.

3. Full system compromise remotely even without authentication to the system.

4. Attackers can create exploits and malware which can self-spread and propagate from system to system thus causing havoc to multiple unpatched servers or workstations.

5. The attacker could take control of an affected system.An attacker could then install programs view change or delete data or create new accounts with full user rights. Attackers can conduct denial of services attacks.

Remediation Of Vulnerability:

1.Disable Remote Desktop Services if they are not required.

2. Patch all of your Windows machines with the patches released by Microsoft.

3. System admin have to block RDP port 3389 if not needed(usinga network firewall or even the Windows firewall).

4. System admin have to enabling network level authentication in RDP services to prevent attackers from performing remote code execution without valid credentials.

5. Deployed IPS solutions are already protected from this vulnerability with the following signature MS.Windows.RDP.Channel.MS_T120.Remote.Code.Execution

 

Updated version here https://portal.msrc.microsoft.com/en-US/security guidance/advisory/CVE-2019-0708

Reference

1. https://www.us-cert.gov/ncas/alerts/AA19-168A
2. https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708
3. https://searchsecurity.techtarget.com/definition/BlueKeep-CVE-2019-0708
4. https://blog.f-secure.com/patch-bluekeep-rdp-vulnerability-cve-2019-0708/

Leave a Reply

Your email address will not be published. Required fields are marked *

12-21, Level 12, Wangsa 118, Jalan Wangsa Delima, Wangsa Maju, 53300 Kuala Lumpur

Facebook-f Instagram

Quick Links

News & Articles

Info

Copyright Since 2014, Envy Formula Sdn Bhd.