ACSC urges Windows users to patch against BlueKeep
The Australian Cyber Security Centre is urging Windows users across Australia — especially those using outdated and obsolete versions — to ensure their systems are patched against the critical BlueKeep vulnerability.
The critical remote code execution vulnerability was recently discovered in the Remote Desktop Services component in some older version of Windows.
It is capable of spreading like a worm through vulnerable computers in a similar manner to WannaCry, and of giving attackers the ability to install programs, to view, change or delete data, and to create new accounts with full user rights.
In an indication of the potential severity of the vulnerability, Microsoft last month took the highly unusual step of issuing fixes to all affected versions of Windows, including out-of-support versions including the ancient Windows XP and Windows 2003.
The vulnerability also affects Windows 7 as well as Windows Server 2008 — which are still in extended support — but is not present on Windows 8 or Windows 10.
The ACSC had previously issued an advisory offering detailed mitigated advice for government and critical infrastructure partners that rely on legacy Windows operating systems. Now the ACSC has extended its advice to smaller organisations around Australia, due to the fear that “potentially millions of networks” are vulnerable to the exploit.
The centre has urged all businesses using the affected operating systems to patch as quickly as possible. For users of out-of-support operating systems, this requires manually installing updates from Microsoft’s website.
Businesses should also block access to remote desktop protocols directly from the internet, using a VPN with multifactor authentication if the protocols are required. Internal network machine-to-machine remote desktop protocols should also be limited as much as possible — ideally only to servers.
Finally, the ACSC has urged businesses to consider implementing Microsoft’s Network Level Authentication capabilities, which the company has stated prevents exploits written for the vulnerability from spreading like a worm.
Information Technology Professionals Association (ITPA) is a not-for-profit organisation focused on continual professional development for its 18,700 members. To learn more about becoming an ITPA member, and the range of training opportunities, mentoring programs, events and online forums available, go to www.itpa.org.au.
Failing to provide IT employees with quality training can cause significant costs for businesses,...
An exploit for the BlueKeep Windows vulnerability has been released by the open source Metasploit...
The Australian Government is seeking feedback on a new cybersecurity strategy to help businesses...