Microsoft Security Vulnerability 

If you haven't already heard, the Australian Cyber Security Centre (ACSC) has released a HIGH alert warning of malicious activity and the potential for widespread abuse of the BlueKeep vulnerability, CVE-2019-0708. The vulnerability was discovered in Microsoft's Remote Desktop Protocol (aka Terminal Services) and affects older versions of the Microsoft Windows operating system.

Ensure that your clients' devices are patched, especially if they run older versions of Windows, including Windows Vista, Windows 7, Windows XP, Server 2003 and Server 2008.

ESET's WeLiveSecurity recommends that organisations and users:

  1. Patch, patch, patch. If you or your organization run a supported version of Windows, update it to the latest version. If possible, enable automatic updates. If you are still using unsupported Windows XP or Windows Server 2003 – for whatever reason – download and apply the patches as soon as possible.

  2. Disable Remote Desktop Protocol. Despite RDP itself not being vulnerable, Microsoft advises organizations to disable it until the latest patches have been applied. Further, to minimize your attack surface, RDP should only be enabled on devices where it really is used and needed.

  3. Configure RDP properly. If your organization absolutely must use RDP, avoid exposing it to the public internet. Only devices on the LAN, or connecting via a VPN, should be able to establish a remote session. Another option is to filter RDP access with a firewall, whitelisting only a specific IP range. The security of your remote sessions can be further improved by using multi-factor authentication.

  4. Enable Network Level Authentication (NLA). BlueKeep can be partially mitigated by having NLA enabled, as it requires the user to authenticate before a remote session is established and the flaw can be misused. However, as Microsoft adds, “affected systems are still vulnerable to Remote Code Execution (RCE) exploitation if the attacker has valid credentials that can be used to successfully authenticate.”

  5. Use a reliable multi-layered security solution that can detect and mitigate the attacks exploiting the flaw on the network level.
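The following PowerShell script is an added example for checking and applying steps 1 to 4 above on a single Windows host; it is not part of the ACSC alert or the ESET article. It reads the registry values that control Remote Desktop and Network Level Authentication, compares installed updates against a list of KB numbers, and, when run with -Remediate, enforces NLA, disables RDP on an unpatched host and scopes the firewall to a management subnet. The parameter names, the placeholder KB value and the 10.0.0.0/24 subnet are assumptions; take the actual KB numbers for each OS from Microsoft's advisory for CVE-2019-0708.

```powershell
# Added example (not from the ACSC alert or ESET): audit a host for the BlueKeep
# mitigations and optionally remediate. Run from an elevated PowerShell session.
# Written for PowerShell 2.0 so it also runs on Windows 7 / Server 2008.
param(
    # Assumption: fill in the KB numbers Microsoft lists for CVE-2019-0708 for this OS
    [string[]]$RequiredKb = @('KB-PLACEHOLDER-FROM-MICROSOFT-ADVISORY'),
    # Assumption: constructed management subnet allowed to reach TCP/3389
    [string]$AllowedRdpSource = '10.0.0.0/24',
    [switch]$Remediate
)

$tsKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdpKey = "$tsKey\WinStations\RDP-Tcp"

# Step 1: is at least one of the required updates installed?
$installed = Get-HotFix | ForEach-Object { $_.HotFixID }
$patched = @($RequiredKb | Where-Object { $installed -contains $_ }).Count -gt 0

# Step 2: fDenyTSConnections = 1 means Remote Desktop is switched off.
$rdpEnabled = (Get-ItemProperty -Path $tsKey -Name fDenyTSConnections).fDenyTSConnections -eq 0

# Step 4: UserAuthentication = 1 means NLA is required before a session is established.
$nlaRequired = (Get-ItemProperty -Path $rdpKey -Name UserAuthentication).UserAuthentication -eq 1

$os = (Get-WmiObject Win32_OperatingSystem).Caption
New-Object PSObject -Property @{
    Host        = $env:COMPUTERNAME
    OS          = $os
    Patched     = $patched
    RdpEnabled  = $rdpEnabled
    NlaRequired = $nlaRequired
} | Format-List

if ($Remediate) {
    if (-not $nlaRequired) {
        # Step 4: require NLA; applies to new connections, existing sessions are unaffected
        Set-ItemProperty -Path $rdpKey -Name UserAuthentication -Value 1
    }
    if ($rdpEnabled -and -not $patched) {
        # Step 2: keep RDP off on an unpatched host until the update has been applied
        Set-ItemProperty -Path $tsKey -Name fDenyTSConnections -Value 1
    }
    # Step 3: disable the built-in, unscoped "Remote Desktop" allow rules so the default
    # inbound block applies, then allow TCP/3389 only from the management subnet.
    # netsh is used because the NetSecurity cmdlets are not present on Windows 7 / 2008.
    netsh advfirewall firewall set rule group="remote desktop" new enable=no
    netsh advfirewall firewall add rule name="RDP - management subnet only" `
        dir=in action=allow protocol=TCP localport=3389 remoteip=$AllowedRdpSource
}
```

Two caveats when reading the output: Get-HotFix relies on Win32_QuickFixEngineering, which does not list every update type, so a "Patched = False" result should be confirmed against Windows Update history before disabling RDP on a production host; and the firewall change only restricts the standard RDP port, so a host listening on a non-default port needs the rule adjusted to match.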

By Phoebe at 15 Aug 2019, 00:00 AM