BlueKeep: Bad to Very Bad

You may not have heard of it directly, but you’ve almost certainly heard about some of its effects, most notably Microsoft updating software that’s almost 20 years old.

BlueKeep is a vulnerability in Microsoft Windows that goes all the way back to Windows XP. It affects Windows versions through Server 2008 (including Vista and Windows 7). The actual vulnerability is in the Remote Desktop Protocol (RDP), and it allows an attacker to take over a Windows machine without any user interaction at all.

This means that if your Windows machine has an internet connection with RDP exposed without the protection of a firewall, it’s vulnerable to takeover. It probably goes without saying, but if one machine on your network is compromised, it’s only a matter of time before other computers on your network (even if they only connect briefly) are infected.

It was this bad when BlueKeep was disclosed in May of 2019. And now it’s even worse.

That’s because even though the vulnerability existed, it wasn’t necessarily easy to exploit. But that changed a few days ago when a security researcher published a slide deck to GitHub that is essentially a step-by-step method for almost anyone with minimal knowledge to use this RDP vulnerability.

This means that instead of needing lots of knowledge and experience, exploiting this vulnerability is now not much more complicated than cutting and pasting code.

This vulnerability is so bad that Microsoft took the unusual (but important) step of patching it in Windows versions that are way outside their security patch windows. If you have a computer that runs Windows XP, Vista, Windows 7, Windows Server 2003, or Windows Server 2008, patch your system(s) immediately. Windows 8 and Windows 10 are not affected by this vulnerability.

Since this exploit is “silent” and requires no user interaction, the chances of infection are very high. Microsoft says the effects of this vulnerability could be similar to (or worse than) the WannaCry exploit that knocked out dozens of vital networks in 2017.

If you’ve got an older computer still using one of these Windows versions, update now.