Aussie cyber spooks urgently upgrade legacy Windows RDP exploit warning on wormable BlueKeep, say 50K Oz devices at risk
August 12, 2019
“Aware of malicious activity that indicates potential widespread abuse”.
The Australian Signals Directorate’s Australian Cyber Security Centre (ACSC) has issued a late evening warning to business and government that a recently revealed legacy Windows exploit has jumped ‘research’ quarantine and is expected to start fanging victims imminently.
“A security researcher under the Twitter handle @zerosum0x0 has recently disclosed his Remote Desktop Protocol (RDP) exploit for the BlueKeep vulnerability to Metasploit,” ACSC said in an alert.
“The disclosure, once made available to the public, is anticipated to increase the amount of RDP scanning activity, increasing the chances of attempted exploitation of unpatched systems.”
ACSC chief Rachel Noble reckons up to 50,000 devices of Australian entities could be affected, with the protectorate having already “notified governments and critical infrastructure operators across Australia.”
“Any organisation or business that relies on the older Microsoft systems is at risk,” Ms Noble said.
“The compromise of an unpatched system could increase the chance that your network could be exploited.”
Noble stressed that the inconvenience of rolling the already available patch was easily outweighed by the potential consequences.
“Patching may require you to restart your computers but this is a small price to pay when the risk of a compromise occurring could harm your business and its customers,” Noble said, pointing to the patch which has been available for weeks.
“It is critical that organisations and individuals operating older versions of Windows systems,” ASD said, “immediately install Windows’ BlueKeep vulnerability patch – CVE-2019-0708, available at https://www.microsoft.com/security/blog/2019/08/08/protect-against-bluekeep/ .”
In May Microsoft warned the critical vulnerability could lead to large-scale attacks like the WannaCry ransomware epidemic in 2017 that crippled hundreds of thousands of computers around the world.
The ACSC says Microsoft’s advisory provides fixes for vulnerable in-support systems including Windows 7, Windows Server 2008 R2, and Windows Server 2008, and out-of-support systems including Windows 2003 and Windows XP.
On 6 June 2019 ASD advised Windows users to deny access to Remote Desktop Protocols (RDP) directly from the internet, block all access to RDP, and “utilise a VPN with multifactor authentication, if internet based access to RDP is required.”