BlueKeep, also known as CVE-2019-0708, is a critical remote code execution vulnerability within the Remote Desktop Protocol (RDP) that affects vulnerable, outdated systems running RDP. Once on a system, a BlueKeep exploit has the potential to spread through a network by using security weaknesses within the systems on it. The exploit can self-replicate without any user interaction, allowing it to propagate to other systems with the same vulnerability.
The exploit affects numerous operating systems: Windows Vista, Windows 7, Windows XP, Server 2003 and Server 2008. It operates by sending manipulated packets to a system running RDP; once the packets arrive on the system, the attacker can execute various tasks. Further development of the BlueKeep exploit shows it could be used as a backdoor into a target device, with no need to get past protections such as credentials.
Cyber Essentials sets a baseline for systems security, covering important security factors in different areas of the network. Following the Cyber Essentials recommendations will safeguard the organisation's network from this exploit.
The scheme requires all software installed on computers to be licensed and supported. This ensures that the software is used legally by the organisation and that it is still supported by the vendor and receives regular updates. With unsupported software, identified security flaws are not patched by the latest updates, leaving the device vulnerable to many established exploits such as BlueKeep.
The Cyber Essentials scheme requires all critical software updates to be completed within 14 days of the update being released by the vendor. Windows patches are released on a regular basis, with hotfixes provided for urgent patching. Once a month a patch is released that includes all new design and security features, providing a higher level of security against identified threats. Ensuring updates are applied within a set time period (14 days) means the device is not left vulnerable because of outdated patching.
Cyber Essentials requires that any unused software or network services be disabled or removed. As part of a BlueKeep prevention strategy, users are advised to disable unused and irrelevant RDP ports. An unsecured port can be viewed as an entry point for attackers attempting to run a protocol on that port. Securing these ports therefore helps to strengthen security against many exploits.
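One way to check a host for an unused RDP service and switch it off, as an added example that is not part of the original article. It assumes an elevated PowerShell 2.0 or later session on Windows Vista/Server 2008 or newer; the function name `Get-RdpState` and the `-Disable` switch are names chosen for this example.

```powershell
# Added example: report whether RDP is enabled on this host and, with -Disable, turn it off.
# Uses only PowerShell 2.0 features so it also runs on Windows 7 / Server 2008. Run elevated.
param([switch]$Disable)

$tsKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdpKey = Join-Path $tsKey 'WinStations\RDP-Tcp'

function Get-RdpState {
    # fDenyTSConnections = 0 means incoming RDP connections are allowed
    $deny = (Get-ItemProperty -Path $tsKey -Name fDenyTSConnections).fDenyTSConnections
    # The listener port is configurable, so read it rather than assuming the default (3389)
    $port = (Get-ItemProperty -Path $rdpKey -Name PortNumber).PortNumber
    $svc  = Get-Service -Name TermService
    # netstat is used because Get-NetTCPConnection does not exist on older Windows
    $listening = [bool](netstat -an | Select-String -Pattern (":${port}\s+\S+\s+LISTENING"))

    New-Object PSObject -Property @{
        Computer   = $env:COMPUTERNAME
        RdpAllowed = ($deny -eq 0)
        Port       = $port
        Service    = $svc.Status
        Listening  = $listening
    }
}

$state = Get-RdpState
$state | Format-List

if ($Disable -and $state.RdpAllowed) {
    # Refuse new RDP connections
    Set-ItemProperty -Path $tsKey -Name fDenyTSConnections -Value 1
    # Turn off the built-in inbound firewall rules for Remote Desktop
    # (rule group name as it appears on English-language Windows)
    netsh advfirewall firewall set rule group="remote desktop" new enable=No | Out-Null
    # Report the state again so the change can be confirmed
    Get-RdpState | Format-List
}
```

Run without arguments to audit only; a host where `RdpAllowed` or `Listening` is `True` but nobody uses remote desktop is a candidate for `-Disable`.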
Therefore, if your company is adhering to the rules of Cyber Essentials, it will have resistance to the BlueKeep exploit as part of its thorough security process.
Should you have any concerns, please get in touch with our experts on 0141 411 0101