BlueKeep wormable vulnerability

BlueKeep wormable vulnerability

Another month, another Patch Tuesday update from Microsoft. But this Patch Tuesday is more serious than most, because Microsoft has patched a highly critical vulnerability. “How critical?” you ask? WannaCry-level critical.

Patch Tuesday updates for May came with fixes for 78 vulnerabilities with 18 fixes rated critical. What stole the limelight of May’s Patch Tuesday updates was the fix for a remote desktop service vulnerability, dubbed “BlueKeep” wormable vulnerability (CVE-2019-0708).

Microsoft describes BlueKeep vulnerability as, “wormable, meaning that any future malware that exploits this vulnerability could propagate from one vulnerable computer to another in a similar way WannaCry did in 2017.”

Please note that Microsoft has released patches for some unsupported operating systems still in use by many businesses and users, including Windows XP and Windows 2003.

BlueKeep Wormable vulnerability (CVE-2019-0708)

This vulnerability (CVE-2019-0708) resides in the “remote desktop services” component and could be exploited remotely by sending specially crafted requests over Remote Desktop Protocol (RDP) to a targeted system. This vulnerability is present in Windows 7, Windows Server 2008 R2, Windows Server 2008, and in older versions like Windows XP and Windows 2003 as well.

What makes the BlueKeep wormable vulnerability critical?

“This wormable vulnerability is pre-authentication and requires no user interaction” explains Simon Pope, director of incident response for the Microsoft Security Response Center (MSRC). In simple terms, this vulnerability can be easily exploited by any malware, as it occurs before any authentication.

The wormable vulnerability does not affect Windows 10, Windows 8.1, Windows 8, Windows Server 2019, Windows Server 2016, Windows Server 2012 R2, or Windows Server 2012. Instead, it affects older OSs like Windows XP. If this reminds you of WannaCry, it’s because WannaCry was also prevalent in machines running Windows XP and other earlier versions.

How Patch Manager Plus can help protect your enterprise from this wormable vulnerability

ManageEngine Patch Manager Plus believes in a simple mantra to protect your enterprise from any cyberattack—patch everything and do it immediately. With features to automate patch management, test and approve patches, decline patches, and more, you can install the latest patches seamlessly to your endpoints as soon as they’re available.

Patch Manager Plus supports patching for all the major OSs like Windows, Mac, and Linux as well as patching for more than 500 third-party applications. This way, you’ll never miss a patch for any of your applications. Start automating your deployment tasks by downloading a free, 30-day trial of Patch Manager Plus.