ARN

ACSC urges Windows update as BlueKeep exploit released

Older Windows operating systems at risk

Australia’s cyber security agency has called for urgent Microsoft updates to be implemented following the first public release of the ‘BlueKeep’ flaw.

The Australian Cyber Security Centre (ACSC) issued a warning to IT managers to update security on old Windows systems, as well as install a ‘BlueKeep’ vulnerability patch released by Microsoft last month.

The BlueKeep exploit was released publicly by cyber-security firm Rapid7 on 6 September using the open-source Metasploit framework.

The vulnerability, also known as CVE-2019-0708, affects the Remote Desktop Protocol (RDP) service in operating systems such as Windows XP, Windows 2003, Windows 7, Windows Server 2008 and Windows Server 2008 R2.

Microsoft earlier revealed that the vulnerability is ‘wormable’, meaning malware exploiting the vulnerability can spread between equally vulnerable computers.

“Australian businesses and users of older versions of Windows should update their systems as soon as practically possible before hackers further refine their tools and trade-craft in order to fully utilise this exploit,” the agency said.

As such, the ACSC urged Windows users to deny access to the Remote Desktop Protocol (RDP) directly from the internet, or use a Virtual Private Network (VPN) with multi-factor authentication if RDP is required, regardless of the version of Windows in use.

The ACSC, which falls under the Australian Signals Directorate, first warned of the BlueKeep flaw in June, notifying government and “critical infrastructure partners” of the potential for “significant, widespread harm around the world”.

At the time, the agency said that, if the flaw is left unpatched and is exploited, actors can move laterally across a network.

In August, the body issued another warning that claimed up to 50,000 devices of Australian entities could be affected.

“Any organisation or business that relies on the older Microsoft systems is at risk,” ACSC head Rachel Noble said at the time. “The compromise of an unpatched system could increase the chance that your network could be exploited.”

Microsoft first patched BlueKeep on May 14, and warned users to apply the patches as soon as possible.