ESET releases tool to check whether your Windows is safe against BlueKeep

Created: 2019-12-18 00:00:00

ESET researchers recommend blocking Remote Desktop Protocol internet connections to avoid future harm by BlueKeep and other exploits

BRATISLAVA, SAN DIEGO — ESET has just released a free BlueKeep (CVE-2019-0708) tool to check whether a computer running Windows is safe against exploitation of the vulnerability. Brute-force attacks and the BlueKeep exploit use direct Remote Desktop Protocol (RDP) connections and allow attackers to perform widespread malicious activities misusing the victim’s servers.

“While the BlueKeep vulnerability has not, to date, wreaked widespread havoc, it is still very early in its exploitation life cycle,” explains ESET Distinguished Researcher Aryeh Goretsky. “The fact remains that many systems are still not patched, and a thoroughly wormable version of the exploit might still be found,” he adds. 

RDP allows one computer to connect to another over a network in order to use that network remotely. For the past two years, ESET has seen an increasing number of incidents in which attackers have connected remotely to a Windows server from the internet using RDP. Attackers logged on as the computer’s administrator can then perform a variety of malicious actions, including downloading and installing programs onto the server, disabling security software or exfiltrating data from the server. While the exact nature of what attackers may do varies greatly, two of the most common practices are installing coin-mining programs in order to generate cryptocurrency and installing ransomware in order to extort money from the organization.

“Attacks performed with RDP have been slowly, but steadily, increasing, and have been the subject of a number of governmental advisories in the US, UK, Canada and Australia, just to name a few,” says Goretsky. “The arrival of BlueKeep opened floodgates for further attacks. This vulnerability could become wormable, which means an attack could spread itself automatically across networks without any intervention by users,” warns Goretsky.

Microsoft has assigned the BlueKeep vulnerability its highest severity level of Critical in its published guidance for customers, and in the US government’s National Vulnerability Database, the entry for CVE-2019-0708 is scored as 9.8 out of 10.

“Users should stop connecting directly to their servers over the internet using RDP. Understandably, this may be problematic for some businesses. However, with support for both Windows Server 2008 and Windows 7 ending in January 2020, having computers running these programs represents a risk to your business that you should already be planning to mitigate,” recommends Goretsky.

For more details about the BlueKeep vulnerability, the ESET evaluation tool and Remote Desktop Protocol types of attacks, read the blog post, It’s time to disconnect RDP from the internet, on WeLiveSecurity. Make sure to follow ESET Research on Twitter for the latest news from ESET Research.

 



About Version 2 Limited
 

Version 2 Limited is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 Limited offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About ESET

For 30 years, ESET® has been developing industry-leading IT security software and services for businesses and consumers worldwide. With solutions ranging from endpoint security to encryption and two-factor authentication, ESET’s high-performing, easy-to-use products give individuals and businesses the peace of mind to enjoy the full potential of their technology. ESET unobtrusively protects and monitors 24/7, updating defenses in real time to keep users safe and businesses running without interruption. Evolving threats require an evolving IT security company. Backed by R&D facilities worldwide, ESET became the first IT security company to earn 100 Virus Bulletin VB100 awards, identifying every single “in-the-wild” malware without interruption since 2003.
