Guard against BlueKeep

Zyxel_Forum_AdminZyxel_Forum_Admin Posts: 83  Admin
edited July 10, 2019 10:34AM in Security Incidents Aide

CVE-2019-0708

Vulnerable Windows OS: XP, Vista, 7, Server 2003, and Server 2008

When an unauthenticated attacker connects to the target system using RDP and sends a specially crafted request, they can execute a remote code vulnerability that exists in Remote Desktop Services on older Windows OS versions. This allows the attacker to install programs, modify data, and even create new accounts with full administrative privileges.


Impact:

“BlueKeep is considered a ‘worm-able’ because the malware exploiting this vulnerability on a system could propagate to other vulnerable systems; thus, a BlueKeep exploit would be capable of rapidly spreading in a fashion similar to the WannaCry malware attacks of 2017,…” as CISA explains.


Mitigation (On Host Device):

1.Install Microsoft Patches

Microsoft has released official security patches for this vulnerability.

2.Upgrade End-of-Life OS

Upgrade any End-of-Life Windows OS to the latest OS such as Windows 10.

3.Disable Remote Desktop Service

If not in use, disable Remote Desktop Service. This will limit exposure to the vulnerability.

4.Enable Network Level Authentication

Enabling Network Level Authentication forces a session request to be authenticated and effectively mitigates against BlueKeep, as the exploit of the vulnerability requires an unauthenticated session.


Mitigation (On Network):

1.Block TCP port 3389 at the perimeter firewall

Port 3389 is used to initiate RDP sessions, block this port prevents attackers from exploiting BlueKeep.

2.Access Intranet service through VPN

Leveraging VPN technology for remote access to internal network prevents unauthorized outside access.

3.Deploy advanced protection

A reliable multi-layered security solution can detect and mitigate the attacks exploiting the flow on the network level. Zyxel ZyWALL ATP serial firewall uses its IDP and reputation filter security features to block malicious network attacks.

 

Revision history

2018-07-10: Initial release

Alfonso

Comments

  • AlfonsoAlfonso Member Posts: 174  Master Member
    edited July 17, 2019 4:36AM

    Hi @Zyxel_Forum_Admin

    It is really great that a security issue of a non Zyxel device could be commented here.


    I was informed outside this forum, but i think that other forum colleagues could not be informed.


    So, great step Zyxel ... from my point of view this new forum section should be maintained to talk about any security flaw, no matter it is a Zyxel flaw or not.


    Thanks guys 😀

    Zyxel_Forum_Admin
Sign In to comment.