What is BlueKeep Vulnerability and How to Patch Windows Against BlueKeep

Microsoft is urging all users of computers running Windows 7 and earlier versions to patch their systems against a new vulnerability called BlueKeep. Security researchers around the world are comparing BlueKeep to the EternalBlue vulnerability from a few years ago, which was exploited by ransomware like WannaCry and NotPetya.

What is BlueKeep?

BlueKeep is a security vulnerability in RDS (remote desktop services) that affects Windows 7 SP1, Windows Server 2003, Windows XP, Windows Server 2008 and Windows Server 2008 R2. This may affect all of the service packs for a system, for example, both Windows 7 and Windows 7 SP1, but Microsoft is providing patches only for the latest service packs.

By exploiting BlueKeep, a remote attacker can send a request to connect to your system through RDP (Remote Desktop Protocol). By sending a specially crafted data packet that RDP does not understand, the attacker is able to cause memory corruption and remotely execute code with the NT AUTHORITY\SYSTEM user access level.


How to Patch Windows against BlueKeep?

Microsoft has released hotfixes for all versions of Windows affected by BlueKeep, including Windows XP. To download the individual patches for your version of Windows, you can visit:

These links have a list of direct downloads from the Microsoft Catalog. Follow the links labeled “Security Update” for your version of Windows to get the downloads. The downloads are for otherwise fully updated Windows systems. For example, you won’t find patches for Windows XP SP1 x86 or Windows XP SP2 x86, since the last service pack released for Windows XP x86 is SP3.

Other than installing these patches, you should disable RDP (remote desktop protocol) on computers that do not really need these services. For example, home users seldom need these remote desktop services. Even larger organizations don’t need RDP enabled on all of their computers. And obviously, if you are able to update to a newer operating system then please do so as BlueKeep does not affect Windows 8.x or Windows 10.

To disable remote desktop connections on your Windows PC, you can download enable-disable-remote-connections.zip, extract its contents to a folder and double-click on disable-remote-connections.reg. Similarly, you can re-enable remote desktop connections by merging enable-remote-connections.reg into your system. Alternatively, you can press Win+Pause, choose Advanced system settings, choose the Remote tab and disable all the settings for remote connections.
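The same change can be checked and applied from an elevated PowerShell prompt. This script is an added example, not the contents of the REG files in the ZIP (which this page does not show); it assumes the standard Windows registry values fDenyTSConnections, fAllowToGetHelp and PortNumber, and the -Disable switch and function name are this example's own.

```powershell
# Added example: report the Remote Desktop state and optionally turn it off.
# Run elevated:  .\rdp-state.ps1            (report only)
#                .\rdp-state.ps1 -Disable   (turn off, then report)
param([switch]$Disable)

$ts  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$tcp = "$ts\WinStations\RDP-Tcp"
$ra  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Remote Assistance'

function Get-RemoteAccessState {
    # fDenyTSConnections: 1 = Remote Desktop connections refused, 0 = accepted
    $deny = (Get-ItemProperty -Path $ts -Name fDenyTSConnections).fDenyTSConnections
    # fAllowToGetHelp: 1 = Remote Assistance allowed (value may be absent)
    $help = (Get-ItemProperty -Path $ra -Name fAllowToGetHelp `
             -ErrorAction SilentlyContinue).fAllowToGetHelp
    # The listener port is configurable, so read it instead of assuming 3389
    $port = (Get-ItemProperty -Path $tcp -Name PortNumber).PortNumber
    # Confirm what the network stack is doing, not only what the registry says
    $listening = [bool](netstat -an | Select-String -Pattern ":$port\s.*LISTENING")

    New-Object PSObject -Property @{
        RdpEnabled       = ($deny -eq 0)
        RemoteAssistance = ($help -eq 1)
        Port             = $port
        PortListening    = $listening
        TermService      = (Get-Service -Name TermService).Status
    }
}

if ($Disable) {
    # Equivalent to clearing the options on the Remote tab of System Properties
    Set-ItemProperty -Path $ts -Name fDenyTSConnections -Value 1
    if (Test-Path $ra) {
        Set-ItemProperty -Path $ra -Name fAllowToGetHelp -Value 0
    }
}

Get-RemoteAccessState | Format-List
```

If RdpEnabled is False but PortListening is still True, run the report again after a moment or after a reboot, and check whether a Group Policy setting is overriding the local value.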

2 comments

  1. Thanks for the heads up.

    How does one “disable RDS (remote desktop service)”?

    1. You can download the ZIP file mentioned and use the REG file inside it for disabling remote connections. There is another REG file for re-enabling remote connections if needed.
