Guard against BlueKeep
Vulnerable Windows OS: XP, Vista, 7, Server 2003, and Server 2008
When an unauthenticated attacker connects to the target system over RDP and sends a specially crafted request, they can trigger a remote code execution vulnerability in Remote Desktop Services on older Windows versions. This allows the attacker to install programs, modify data, and even create new accounts with full administrative privileges.
“BlueKeep is considered ‘worm-able’ because the malware exploiting this vulnerability on a system could propagate to other vulnerable systems; thus, a BlueKeep exploit would be capable of rapidly spreading in a fashion similar to the WannaCry malware attacks of 2017, …” as CISA explains.
Mitigation (On Host Device):
1. Install Microsoft Patches
Microsoft has released official security patches for this vulnerability.
2. Upgrade End-of-Life OS
Upgrade any End-of-Life Windows OS to the latest OS such as Windows 10.
3. Disable Remote Desktop Service
If not in use, disable Remote Desktop Service. This will limit exposure to the vulnerability.
4. Enable Network Level Authentication
Enabling Network Level Authentication forces a session request to be authenticated and effectively mitigates against BlueKeep, as the exploit of the vulnerability requires an unauthenticated session.
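One way to audit a single host against the four host-side items above and, on request, enforce item 4, added here as an example (it is not part of the advisory or a Zyxel tool). It assumes an elevated PowerShell 2.0 or later session; the registry values are the standard Terminal Services settings, and the KB number is a placeholder to be filled from Microsoft's patch list for the host's OS.

```powershell
# Added example (not from the original advisory): audit one Windows host for the
# BlueKeep mitigations listed above and, with -Remediate, apply item 4. Run elevated.
param(
    [switch]$Remediate,
    # Placeholder: fill in the Microsoft KB number that applies to this OS (item 1).
    [string]$PatchKB = 'KB<placeholder>'
)

$tsKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdpKey = "$tsKey\WinStations\RDP-Tcp"

$osName    = (Get-WmiObject Win32_OperatingSystem).Caption
$rdpDenied = (Get-ItemProperty $tsKey).fDenyTSConnections -eq 1        # item 3
$rdpTcp    = Get-ItemProperty $rdpKey
$nla       = $rdpTcp.UserAuthentication -eq 1                          # item 4
# SecurityLayer: 0 = legacy RDP security, 1 = negotiate, 2 = TLS. With 0, a client can
# reach the pre-authentication code path the advisory describes.
$secLayer  = $rdpTcp.SecurityLayer
$patched   = [bool](Get-HotFix -Id $PatchKB -ErrorAction SilentlyContinue)

# Any one of: patch installed, RDP disabled, or NLA enforced closes the unauthenticated path.
$status = if ($patched -or $rdpDenied -or $nla) { 'mitigated' } else { 'EXPOSED' }

New-Object PSObject -Property @{
    Host           = $env:COMPUTERNAME
    OS             = $osName
    PatchInstalled = $patched
    RDPDisabled    = $rdpDenied
    NLAEnabled     = $nla
    SecurityLayer  = $secLayer
    Status         = $status
} | Format-List

if ($Remediate -and -not ($patched -or $rdpDenied)) {
    # Item 4: require Network Level Authentication and TLS so that an unauthenticated
    # client never reaches the vulnerable session setup.
    Set-ItemProperty -Path $rdpKey -Name UserAuthentication -Value 1
    Set-ItemProperty -Path $rdpKey -Name SecurityLayer -Value 2
    Write-Output 'NLA and TLS security layer enforced for new RDP sessions.'
    # Item 3 (only when the host does not need RDP at all):
    #   Set-ItemProperty -Path $tsKey -Name fDenyTSConnections -Value 1
}
```

Run it once without `-Remediate` across the fleet to find hosts reporting `EXPOSED`, then again with `-Remediate` on those that cannot be patched or upgraded immediately.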
Mitigation (On Network):
1. Block TCP port 3389 at the perimeter firewall
Port 3389 is used to initiate RDP sessions; blocking this port at the perimeter prevents outside attackers from exploiting BlueKeep.
2. Access Intranet services through VPN
Leveraging VPN technology for remote access to the internal network prevents unauthorized outside access.
3. Deploy advanced protection
A reliable multi-layered security solution can detect and mitigate attacks exploiting the flaw at the network level. Zyxel ZyWALL ATP series firewalls use their IDP and reputation filter security features to block malicious network attacks.
2018-07-10: Initial release