Skip to content

Everything you need to know about the BlueKeep vulnerability

Web Hosting Blog

On 14th May Microsoft released a security patch for a dangerous Windows vulnerability, CVE-2019-0708, which was found by the UK’s National Cyber Security Centre (NCSC) and reported privately to Microsoft. BlueKeep is a ‘wormable’ vulnerability which affects Remote Desktop Services in some older versions of Windows. Microsoft say “any future malware which exploits this vulnerability could propagate from vulnerable computer to vulnerable computer in a similar way as the WannaCry malware spread across the globe in 2017.” It is important to note that the NCSC information does say that there is “currently no exploitation of this vulnerability”, but all the same, it is a particularly nasty threat. This is why Microsoft have provided a security update for not only their currently supported versions, but also for affected out-of-support versions of Windows.

 

Vulnerable in-support systems:

– Windows 7

– Windows Server 2008 R2

– Windows Server 2008

Vulnerable out of support systems:

– Windows 2003

– Windows XP

 

Microsoft have advised that if you are using an out-of-support system, the best way to address the vulnerability is to upgrade to the latest versions.

Windows 8 and Windows 10, and the latest versions of Windows are NOT affected.

 

NCSC recommends that organisations should apply the security patches, particularly focusing on the following areas:

– external facing RDP servers

– critical servers such as domain controllers and management servers

– non-critical servers but those with RDP enabled

– the rest of the desktop estate

 

Any managed customers of CWCS can be safe in the knowledge that we have already taken care of the updates for you. If CWCS does not manage the server you have with us, it is critical that you check to see if this vulnerability affects you and update your systems as a priority. If you are not sure of the level of management you have with us, or require any assistance with this please contact our support team on 0808 1 333 247.

 

Further Reading:

https://blogs.technet.microsoft.com/msrc/2019/05/14/prevent-a-worm-by-updating-remote-desktop-services-cve-2019-0708/

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708

https://support.microsoft.com/en-gb/help/4500705/customer-guidance-for-cve-2019-0708

https://www.ncsc.gov.uk/report/weekly-threat-report-17th-may-2019