Windows XP, Vista And 7 Vulnerable To BlueKeep Attacks
Microsoft issued a high security bulletin encouraging Windows users, even as old as Windows XP and Vista to allow Windows updates for their machine. Windows XP is an operating system that is under unsupported status since 2014, but Microsoft issued a patch for the Bluekeep security flaw for it alongside supported versions of Windows 7 and Server 2003/2008. The Bluekeep patch has been issued to Windows 7 and Server 2003/2008 earlier this year, but not all computers using the mentioned OS were able to apply the update. Redmond’s estimate that a million computers are vulnerable to WannaCry-level of cybersecurity incident, once the Bluekeep bug becomes weaponized by cybercriminals.
Microsoft confirmed that the BlueKeep bug does not exist in Windows 8.x and Windows 10 operating systems. BlueKeep is a remote code execution security flaw which can be used to install nasty forms of malware to a vulnerable computer, like ransomware, cryptojacking malware and RAT (Remote Access Trojan). The bug was so severe, that even the U.S. Department of Homeland Security, Australia’s Cyber Security Centre and the United Kingdom’s National Cyber Security Centre made a similar warning for their respective citizens still using an old version of Windows to apply the patch.
Australia cyber Security Centre appealed in Twitter through @CyberGovAU:
Microsoft’s behavior regarding the BlueKeep bug surprised the entire industry, as Redmond considers the possibility of WannaCry 2.0 emerging from the bug, as the more than a million Windows machines on the Internet are openly exposed to it. Unlike Windows 7, Windows XP version of old Windows Update facility will not fetch the BlueKeep patch automatically. XP users should visit windowsupdate.com in Internet Explorer 8 in order for XP to detect that a special BlueKeep update is available for download. Just like any XP updates prior to it, a restart of the computer is needed for the patch to complete its installation process.
BlueKeep bug was detected in the Remote Desktop Server Service that are bundled in all versions of Windows since XP. Anyone with an Internet-connected device may also visit https://support.microsoft.com/en-us/help/4500705/customer-guidance-for-cve-2019-0708 to manually download the patch, save it in a flash drive and install it to all vulnerable versions of Windows.
The enterprise space is notorious for keeping old versions of Windows still being used within their corporate network, and many of them have Internet connections as well. An antimalware program or firewall cannot block Windows-specific bugs, hence old versions of Windows are low hanging fruits for cybercriminals to target.