Nearly one million computers are vulnerable to a new wormable Windows vulnerability, CVE-2019-0708, also known as the BlueKeep "worm". Corporate networks are the most likely to be at risk.
BlueKeep attacks normally arrive via phishing emails or automated downloads. The vulnerability could allow an unauthenticated remote attacker to connect to a Windows server via the Remote Desktop Protocol (RDP) and execute arbitrary code on the remote server without any user interaction. It can be used to run code at the system level, allowing full access to the computer, including its data. It can also spread to other computers on the same network.
Affected systems:
• Windows XP
• Windows Vista
• Windows 7
• Windows Server 2003
• Windows Server 2008
Mitigations:
- Update all affected systems as soon as possible.
- Block TCP port 3389 at your firewalls, especially any perimeter firewalls exposed to the internet. This port is used by RDP, and blocking it stops attempts to establish a connection.
- Enable Network Level Authentication. This security improvement requires attackers to have valid credentials and to authenticate before they can attempt remote code execution.
- Disable Remote Desktop Services if they are not required. Disabling unused and unneeded services helps reduce overall exposure to security vulnerabilities.
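To check a host against the mitigations listed above, the following read-only PowerShell audit is an added example, not part of the original advisory. The function names are hypothetical; the registry values it reads (`fDenyTSConnections`, `UserAuthentication`, `PortNumber`) and the `TermService` service are the standard Windows settings for Remote Desktop.

```powershell
# Added example: read-only audit of the RDP mitigations on the local host.
$local  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$policy = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'

function Get-RegValue([string]$Path, [string]$Name) {
    # Return $null instead of throwing when the key or value is absent.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($item) { $item.$Name } else { $null }
}

function Get-EffectiveSetting([string]$Name, [string]$LocalPath) {
    # A Group Policy value, when present, overrides the local setting.
    $value = Get-RegValue $policy $Name
    if ($null -eq $value) { $value = Get-RegValue $LocalPath $Name }
    $value
}

function Test-RdpMitigations {
    $deny = Get-EffectiveSetting 'fDenyTSConnections' $local                       # 1 = RDP refused
    $nla  = Get-EffectiveSetting 'UserAuthentication' "$local\WinStations\RDP-Tcp" # 1 = NLA required
    $port = Get-RegValue "$local\WinStations\RDP-Tcp" 'PortNumber'
    if ($null -eq $port) { $port = 3389 }                                          # RDP default port
    $svc  = Get-Service -Name TermService -ErrorAction SilentlyContinue

    # netstat is used so the check also works where Get-NetTCPConnection is absent.
    $listening = [bool](netstat -an | Select-String ":$port\s.*LISTENING")

    # A missing fDenyTSConnections value is treated as "allowed" to stay conservative.
    $findings = @()
    if ($deny -ne 1) {
        $findings += 'RDP connections are allowed; disable Remote Desktop if it is not required'
        if ($nla -ne 1) { $findings += 'Network Level Authentication is not required' }
    }
    if ($listening) {
        $findings += "TCP $port is listening; confirm it is blocked at the perimeter firewall"
    }

    New-Object PSObject -Property @{
        RdpAllowed   = ($deny -ne 1)
        NlaRequired  = ($nla -eq 1)
        Port         = $port
        Listening    = $listening
        ServiceState = $(if ($svc) { $svc.Status } else { 'NotInstalled' })
        Findings     = $findings
    }
}

Test-RdpMitigations | Format-List
```

An empty `Findings` list means Remote Desktop is refused and nothing is listening on the RDP port; patch status still has to be verified separately.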