‘BlueKeep’ Critical Windows Remote Desktop Vulnerability

Earlier this month, Microsoft released a patch for a critical vulnerability in Windows Remote Desktop Services. The vulnerability, assigned CVE-2019-0708 and dubbed ‘BlueKeep’, was considered serious enough for Microsoft to make the rare decision to release patches for various out-of-support operating system versions, as far back as Windows XP.

As the Microsoft advisory states, ‘the vulnerability is “wormable”, meaning that any future malware that exploits this vulnerability could propagate from vulnerable computer to vulnerable computer in a similar way as the WannaCry malware spread across the globe in 2017.’ Windows 8 and 10 are unaffected, but the soon-to-be-out-of-support Windows 7 is vulnerable.

Two weeks after the patch release, security researcher Rob Graham has claimed to have detected almost 1m Internet-accessible devices still vulnerable, warning that ‘hackers are likely to figure out a robust exploit in the next month or two and cause havoc with these machines.’

Please ensure that all Internet-facing devices running vulnerable Windows OS versions are fully-up-to-date.

Scroll to Top