Cyber-Tip of the Week 11/18/2019 - Bluekeep RDP

In this week’s episode of Silicon Valley Insider with Richard Dennis, my weekly Cyber-Tip was on the “Bluekeep” security vulnerability which Microsoft announced back in May of 2019. 

Bluekeep’s first attacks are just now emerging and are relatively “low damage,” as they appear to be related to cryptomining. In reality, this threat is very serious because of Bluekeep’s ability to self-replicate. This vulnerability has the potential to be on the scale of 2017’s WannaCry. According to TechCrunch - “WannaCry affected hundreds of thousands of computers in 150 countries in a matter of hours.” It is believed there are still over 1.7 million infected endpoints two years later. It is reported that the economic losses are estimated at $4 billion USD and counting.

Whether you are an individual, business owner or corporate system administrator there are two things you can do immediately to secure your computer and systems:

1) Patching - Almost all the risks associated with Bluekeep, WannaCry and similar types of “wormable” vulnerabilities can be mitigated by simply keeping all the systems you control patched. These are things you should always do whether you are an individual, business owner, or corporate system administrator. - Microsoft Security Response Center

2) Disable Remote Desktop Protocol (RDP) - To make this even more personal, many of you will relate to being “tech support” for a family member or friend. Some of us use RDP, which stands for “Remote Desktop Protocol,” so that we can fix their computers remotely. RDP is one of the primary vectors of Bluekeep in older Windows operating systems. If you don’t need to have RDP on, you should turn off the functionality.
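
For administrators, here is one way to check both items on a Windows machine and turn RDP off. This is an added example, not part of the original tip; it assumes an elevated PowerShell session, the default RDP port 3389, and an English-language Windows install where the firewall rule group is named "remote desktop".

```powershell
# Added example: report RDP exposure and patch recency, then optionally disable RDP.
$TsKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'

function Get-RdpStatus {
    # fDenyTSConnections: 0 = RDP connections allowed, 1 = denied
    $deny = (Get-ItemProperty -Path $TsKey -Name fDenyTSConnections).fDenyTSConnections

    # Is anything listening on the default RDP port? (netstat also works on older Windows)
    $listening = @(netstat -an | Select-String ':3389\s.*LISTENING')

    # Most recently installed update, as a rough indicator of whether patching is current
    $lastFix = Get-HotFix | Where-Object { $_.InstalledOn } |
        Sort-Object InstalledOn -Descending | Select-Object -First 1

    New-Object PSObject -Property @{
        ComputerName    = $env:COMPUTERNAME
        RdpEnabled      = ($deny -eq 0)
        ListeningOn3389 = ($listening.Count -gt 0)
        LastUpdateId    = $lastFix.HotFixID
        LastUpdateDate  = $lastFix.InstalledOn
    }
}

function Disable-Rdp {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param()
    if ($PSCmdlet.ShouldProcess($env:COMPUTERNAME, 'Disable Remote Desktop')) {
        # Refuse new RDP connections
        Set-ItemProperty -Path $TsKey -Name fDenyTSConnections -Value 1
        # Close the inbound firewall rules for Remote Desktop (group name assumed English)
        netsh advfirewall firewall set rule group="remote desktop" new enable=No | Out-Null
    }
}

$status = Get-RdpStatus
$status | Format-List

if ($status.RdpEnabled) {
    # -WhatIf only shows what would change; remove it to actually disable RDP
    Disable-Rdp -WhatIf
}
```

If `LastUpdateDate` is months old, run Windows Update before anything else; disabling RDP reduces exposure but does not replace the patch.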

Avast, along with a number of other news outlets, has a detailed article with links on who discovered the vulnerabilities.

Keith Koo