- Microsoft is "confident" an exploit exists for CVE-2019-0708, or BlueKeep, a vulnerability in the Remote Desktop Protocol of older versions of Windows, according to a security blog post last week.
- The flaw is wormable, allowing for propagation similar to 2017's WannaCry. Proof of concept code for the vulnerability is available online, which makes heeding Microsoft's warning time-sensitive.
- The National Security Agency (NSA) issued a cybersecurity advisory regarding BlueKeep Tuesday. The NSA warns hackers could leverage the vulnerability for a denial of service attack, advising companies to block TCP Port 3389 at their firewalls, enable network level authentication and disable Remote Desktop Services if they aren't required.
Bad actors have a penchant for finding companies negligent of timely patches and vendors can only do so much to protect customers.
Microsoft's update warning is specifically for Windows 2003, XP and Vista, all of which are so outdated they are unsupported. However, it also includes Windows 7 and Windows Server 2008, according to Microsoft.
"This is an all-hands-on-deck situation," Jonathan Cran, head of research at Kenna Security, told CIO Dive in an email. "Most organizations are still running systems affected by BlueKeep, especially [Windows Server] 2008. Not to mention the vast number of embedded systems that still run XP or 2003."
As of May 28, there are nearly 1 million devices on the internet that are susceptible to the exploit, according to Errata Security. "Hackers are likely to figure out a robust exploit in the next month or two and cause havoc with these machines," according to the report's author, researcher Robert Graham.
In May 2017 the WannaCry ransomware attack targeted computers running Windows 7, a popular operating system, despite the rise in Windows 10. Microsoft had warned of updates months prior to the WannaCry cyberattack and it's clear the company "seems to be driven by the experience of WannaCry," said Cran.
WannaCry was able to prevail because of a lack of operational discipline, where updates and patches weren't completed. This time around, Microsoft "went the extra step to backport the patch and loudly announce it in an unprecedented move" to limit the impact of a potential cyberattack, according to Cran.
Companies have had two years since WannaCry to reevaluate systems and set up regular patching governance. Microsoft has issued several announcements pertaining to the threat of an exploit, especially when it applies to largely legacy systems, or ones accommodating to upgrades.