BlueKeep is the name given to a Microsoft-specific security vulnerability that was originally reported in May 2019. Although Windows 2000 is the only operating system that has been reported as vulnerable to BlueKeep, its effect could be catastrophic if left unchecked.
Since it centers on the Remote Desktop Services component of Windows 2000, systems that become infected could easily pass the infection on to others. Leading IT security experts are comparing the potential effects to the WannaCry ransomware attack of May 2017.
Thankfully, there are no known cases of BlueKeep malware as of yet, but that doesn't mean it isn't possible. In fact, a proof of concept has already been created that outlines exactly how a BlueKeep attack could come to fruition. Fortunately, those materials have not been released to the public.
Delivered as a self-propagating worm, an attack could originate on one or two computers and quickly spread to millions of machines. In addition to WannaCry, some experts are also likening BlueKeep to the NotPetya ransomware from 2016.
The problem is so serious that Microsoft has issued a statement that reads, in part: "On May 14, Microsoft released fixes for a critical Remote Code Execution vulnerability, CVE-2019-0708, in Remote Desktop Services – formerly known as Terminal Services – that affects some older versions of Windows. In our previous blog post on this topic we warned that the vulnerability is ‘wormable’, and that future malware that exploits this vulnerability could propagate from vulnerable computer to vulnerable computer in a similar way as the WannaCry malware spread across the globe in 2017."
Microsoft's blog post also urges users of Windows 2000 to update their systems as soon as possible. Not only will this decrease the risk of BlueKeep, but it could help contain an outbreak and minimize the potential damages.
But Microsoft isn't the only group concerned about BlueKeep. The National Security Agency (NSA) has issued its own statement regarding BlueKeep that reads, in part: "This is the type of vulnerability that malicious cyber actors frequently exploit through the use of software code that specifically targets the vulnerability. For example, the vulnerability could be exploited to conduct denial of service attacks. It is likely only a matter of time before remote exploitation code is widely available for this vulnerability. NSA is concerned that malicious cyber actors will use the vulnerability in ransomware and exploit kits containing other known exploits, increasing capabilities against other unpatched systems."
The NSA also offers a few tips to help prevent BlueKeep and stop it from spreading, including:
- Blocking TCP port 3389 (the default Remote Desktop port) on your modem, router, or firewall
- Enabling Network Level Authentication, so that valid credentials are required before a remote session is established
- Disabling Remote Desktop Services unless the utility is specifically required
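The three mitigations above can be audited and applied on an individual host from PowerShell. The script below is an added example and is not code from the article, from Microsoft, or from the NSA. It assumes a Windows host running PowerShell 3 or later with the NetSecurity and NetTCPIP modules (Windows 8 / Server 2012 or later), an elevated session, and the standard Terminal Server registry locations; the firewall rule name `Block inbound RDP (TCP 3389)` and the function names are choices made for this example.

```powershell
# Added example (not from the article): audit and apply the NSA's three
# BlueKeep mitigations on one host. Run in an elevated PowerShell session.
# Registry paths are the standard Terminal Server settings.
$TsKey    = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$RdpTcp   = Join-Path $TsKey 'WinStations\RDP-Tcp'
$RuleName = 'Block inbound RDP (TCP 3389)'   # rule name chosen for this example

function Get-RdpExposure {
    # Report the current state of each control as a single object.
    $deny = (Get-ItemProperty -Path $TsKey  -Name fDenyTSConnections -ErrorAction SilentlyContinue).fDenyTSConnections
    $nla  = (Get-ItemProperty -Path $RdpTcp -Name UserAuthentication  -ErrorAction SilentlyContinue).UserAuthentication
    $rule = Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue
    [pscustomobject]@{
        RdpEnabled      = ($deny -ne 1)   # fDenyTSConnections = 1 means Remote Desktop is off
        NlaRequired     = ($nla  -eq 1)   # UserAuthentication = 1 means NLA is enforced
        PortBlocked     = ($null -ne $rule -and $rule.Enabled -eq 'True' -and $rule.Action -eq 'Block')
        ListeningOn3389 = [bool](Get-NetTCPConnection -LocalPort 3389 -State Listen -ErrorAction SilentlyContinue)
    }
}

function Set-RdpHardening {
    param(
        [switch]$RequireNla,   # tip 2: require authentication before a session exists
        [switch]$BlockPort,    # tip 1: host firewall; repeat the block at the network edge
        [switch]$DisableRdp    # tip 3: only where Remote Desktop is not needed
    )
    if ($RequireNla) {
        Set-ItemProperty -Path $RdpTcp -Name UserAuthentication -Value 1 -Type DWord
        Set-ItemProperty -Path $RdpTcp -Name SecurityLayer      -Value 2 -Type DWord  # TLS rather than legacy RDP security
    }
    if ($BlockPort -and -not (Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue)) {
        New-NetFirewallRule -DisplayName $RuleName -Direction Inbound -Protocol TCP `
            -LocalPort 3389 -Action Block | Out-Null
    }
    if ($DisableRdp) {
        Set-ItemProperty -Path $TsKey -Name fDenyTSConnections -Value 1 -Type DWord
    }
    if ($RequireNla -or $DisableRdp) {
        # Not restarted automatically: doing so would drop the very session this runs in if it is remote.
        Write-Warning 'Restart the TermService service (or reboot) for the Terminal Server changes to take effect.'
    }
}

function Test-UpdatedSinceFix {
    # Heuristic only: the fix for CVE-2019-0708 shipped on 14 May 2019, so a host with
    # no update installed since then cannot have it. KB numbers differ per Windows
    # build, so look up the exact one for the host rather than hard-coding it here.
    param([datetime]$Since = '2019-05-14')
    [bool](Get-HotFix | Where-Object { $_.InstalledOn -ge $Since })
}

# Usage: audit first, then apply only the controls that fit the host's role.
Get-RdpExposure
Test-UpdatedSinceFix
# Set-RdpHardening -RequireNla -BlockPort
```

`Get-RdpExposure` is safe to run on its own and is the piece worth scheduling across a fleet; `Set-RdpHardening` changes state and deliberately leaves the service restart to the operator, because restarting TermService from inside a Remote Desktop session ends that session.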
As always, diligence is your best tool in the fight against malware, ransomware, and hackers. Avoid downloading or installing any suspicious software, and always double-check hyperlinks before clicking them. Although these tips won't guarantee your online and network safety, they will make it more difficult for your system to succumb to these types of attacks.