Advisory 7

TLP Rating: Clear

Microsoft Operating Systems BlueKeep Vulnerability

CERT Vanuatu and the Office of the Chief Information Officer (OGCIO) provide the following advisory.

This is to advise all system and network administrators, managers and business houses in Vanuatu who are using Microsoft operating systems to actively monitor and ensure that the latest Microsoft security patches for the BlueKeep (CVE-2019-0708) vulnerability are installed.

BlueKeep (CVE-2019-0708) exists within the Remote Desktop Protocol (RDP) used by the Microsoft Windows Operating Systems (OSs). An attacker can exploit this vulnerability to perform remote code execution on an unprotected system.

At this stage, the office of CERT Vanuatu (CERTVU) and OGCIO have not received any reported threat cases related to the BlueKeep vulnerability. CERT Vanuatu is reaching out to organizations, IT companies and individuals to report any suspected case. 

What Happened?

According to Microsoft, an attacker can send specially crafted packets (data) to one of these operating systems that has RDP enabled. After successfully sending the packets, the attacker would have the ability to perform a number of actions: adding accounts with full user rights; viewing, changing, or deleting data; or installing programs. This exploit, which requires no user interaction, must occur before authentication to be successful.

BlueKeep is considered “wormable” because malware exploiting this vulnerability on a system could propagate to other vulnerable systems; thus, a BlueKeep exploit would be capable of spreading rapidly in a manner similar to other known malware, such as the WannaCry malware attacks of 2017 [1].

References

  1. https://www.theguardian.com/technology/2017/may/12/nhs-ransomware-cyber-attack-what-is-wanacrypt0r-20
  2. https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708
  3. https://support.microsoft.com/en-us/help/4500705/customer-guidance-for-cve-2019-0708
  4. https://www.us-cert.gov/ncas/alerts/AA19-168A

https://cert.gov.vu/index.php/services/online-advisories-alerts