
ESET, a leader in information security, today introduces a free tool to check Windows computers for exposure to unauthorized exploitation of the BlueKeep vulnerability (CVE-2019-0708). Cybercriminals who obtain a direct connection to the Remote Desktop Protocol (RDP), whether by guessing credentials or by using an exploit, can carry out malicious activity on the victim's computer.
“Many systems are still not updated, so there is a danger of a version of the exploit with the ability to self-propagate in the networks of victims,” ESET experts explain.
The free ESET BlueKeep (CVE-2019-0708) Detection Tool, developed by ESET experts, scans the device and reports whether it is vulnerable to BlueKeep or whether the necessary fixes have been applied. If the system is found to be vulnerable, the tool redirects the user to Microsoft's web page to download the appropriate patch.
It's worth noting that Remote Desktop Protocol allows one computer to connect to another over a network and use it remotely. Over the past few years, there has been an increase in the number of cybercriminals connecting to a Windows server remotely over the Internet using RDP and logging in with administrator rights. This allows attackers to download and install various programs on the server, disable security software, and intercept victims' data.
Most often, cybercriminals install cryptocurrency-mining programs and other malicious software on compromised workstations, followed by a ransom demand to the organization.
“The number of attacks targeting RDP is slowly but steadily growing, and the issue has already become a topic of discussion during government consultations in the US, UK, Canada and Australia,” ESET said. “The advent of BlueKeep created opportunities for further attacks. The vulnerability can be exploited to automatically spread threats across networks without user intervention.”
Microsoft has rated BlueKeep as high severity in its published customer guidance, and the US Government's National Database rated CVE-2019-0708 at 9.8 out of 10.
“Users should stop directly connecting to their servers over the Internet using RDP, although this can cause a number of problems for some businesses. However, with the end of support for Windows Server 2008 and Windows 7 in January 2020, the availability of computers with these operating system versions could pose a risk to business,” ESET said.
Due to the potential threat, companies need to take additional measures as quickly as possible to help minimize the risk of potential RDP-based attacks. In particular, to protect computers from the threat, experts have prepared a list of recommendations:
Turn off external connections to local machines through port 3389 (TCP/UDP) in the firewall at the perimeter.
Test and deploy the fixes for CVE-2019-0708 (BlueKeep) as soon as possible, and enable network-level authentication.
For all accounts that can be logged into via RDP, set complex passwords (long passphrases that contain more than 15 characters).
Enable two-factor authentication for, at a minimum, all accounts that can be logged into via RDP.
Set up a virtual private network (VPN) gateway to broker all RDP connections outside the local network.
Protect your security software with a unique, strong password that is not associated with other accounts.
Enable exploit blocking in the workstation security software.
Isolate any computer that must be reachable over the Internet via RDP but cannot be secured from the rest of the network.
If the BlueKeep vulnerability fix cannot be applied to your computer, you must promptly replace that device.
Set up geoIP blocking on the VPN gateway. If staff are in one country, block access from other countries to prevent attacks from foreign cybercriminals.
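The following PowerShell audit script is an added example, not ESET's tool or part of the original article; it checks a single Windows host against several of the points above (RDP enabled, network-level authentication, inbound port 3389 open to any address, patch state, legacy OS family). The function name Test-RdpHardening, the $PatchKbIds parameter and the registry value names are the editor's own; the NetSecurity firewall cmdlets require Windows 8 / Server 2012 or later, and the KB numbers for the CVE-2019-0708 fix must be taken from Microsoft's guidance for the specific OS.

```powershell
# Added RDP hardening audit (editor's example, not ESET's detection tool).
# Run in an elevated PowerShell session. $PatchKbIds is an assumption:
# pass the CVE-2019-0708 KB ids listed in Microsoft's guidance for this OS.
function Test-RdpHardening {
    param([string[]]$PatchKbIds = @())

    $tsKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    $rdpKey = "$tsKey\WinStations\RDP-Tcp"
    $findings = [ordered]@{}

    # 1. Is RDP enabled? fDenyTSConnections = 1 means Remote Desktop is off.
    $deny = (Get-ItemProperty -Path $tsKey -Name fDenyTSConnections `
             -ErrorAction SilentlyContinue).fDenyTSConnections
    $findings['RdpEnabled'] = ($deny -eq 0)

    # 2. Network Level Authentication. BlueKeep is reachable before logon,
    #    so requiring NLA puts a credential check in front of the RDP stack.
    $nla = (Get-ItemProperty -Path $rdpKey -Name UserAuthentication `
            -ErrorAction SilentlyContinue).UserAuthentication
    $findings['NlaRequired'] = ($nla -eq 1)

    # 3. Host firewall: enabled inbound allow rules for port 3389 whose
    #    remote address is "Any" expose RDP to the whole network/Internet.
    $openRules = Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow |
        Where-Object {
            $pf = $_ | Get-NetFirewallPortFilter
            $af = $_ | Get-NetFirewallAddressFilter
            ($pf.LocalPort -contains '3389') -and ($af.RemoteAddress -contains 'Any')
        }
    $findings['Port3389OpenToAny'] = (@($openRules).Count -gt 0)
    $findings['OpenRuleNames']     = @($openRules | Select-Object -ExpandProperty DisplayName)

    # 4. Patch state, checked only when the caller supplied KB ids.
    if ($PatchKbIds.Count -gt 0) {
        $installed = Get-HotFix | Where-Object { $PatchKbIds -contains $_.HotFixID }
        $findings['BlueKeepPatchInstalled'] = (@($installed).Count -gt 0)
    }

    # 5. OS family: version 6.0/6.1 is the Windows 7 / Server 2008 generation
    #    that reached end of support in January 2020.
    $os = Get-CimInstance Win32_OperatingSystem
    $findings['OsVersion']      = $os.Version
    $findings['LegacyOsFamily'] = ($os.Version -match '^6\.[01]\.')

    return $findings
}

Test-RdpHardening | Format-Table -AutoSize
```

A host where RdpEnabled is true, NlaRequired is false and Port3389OpenToAny is true fails three of the recommendations at once and should be isolated or patched first.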
It is worth noting that BlueKeep is detected as RDP/Exploit.CVE-2019-0708 by the network attack protection module. This technology is available in the ESET Internet Security and ESET Smart Security Premium home products, as well as in corporate workstation protection products such as ESET Endpoint Protection Advanced, ESET Secure Business and others.