Windows Bluekeep vulnerability

Posted on Posted in Informational

This has been hitting the news in the past week including starting to show up in more than the tech news sites. This is a vulnerability that exposes any un-patched system from Windows XP to Win 7 and including up to Server 2008.

To be exploited, your system needs to be exposed to the internet and have Remote Desktop Services enabled. Now, many systems are not exposed to the internet directly BUT the flaw can be made to be wormable (move from system to system on its own). SO, if you have a user that connects his/her laptop to an unsecured internet connection and is compromised then brings that system back into your secured network, it could spread to other systems.

To be safe, you need to fully apply all patches for the system from Windows update. From a network perspective, the firewall can be configured to block the port that is used by this flaw. On all systems, disable Remote Desktop Services unless specifically required.