REN-ISAC Weekly Watch

In the Spotlight This Week: Bluekeep the Next WannaCry?

Bluekeep isn’t new this week. In fact, it was discovered in May. But it’s been getting a lot of attention recently in the InfoSec news feeds. In a nutshell, Bluekeep is a vulnerability in Microsoft’s Remote Desktop Protocol that, if exploited, could allow “wormable” remote code execution. That “wormable” aspect is what’s garnering attention – some are saying “It’s going to be the next WannaCry”. 
 
The vulnerability exists in all NT-based versions of Microsoft Windows, from Windows 2000 through Windows Server 2008 R2 and Windows 7. Microsoft published patches in May – including patches for some versions of Windows that were already at “end of life” status. And, although none have been made public yet, it is safe to assume proof of concept and/or executable exploits will be published soon.  
 
Several advisories have been issued about Bluekeep: 
 

• Microsoft: A Reminder to Update Your Systems to Prevent a Worm 

• US-CERT: Alert (AA19-168A) Microsoft Operating Systems BlueKeep Vulnerability 
• US National Security Agency: Patch Remote Desktop Services on Legacy Versions of Windows