BlueKeep Vulnerability Threat

The U.S. Department of Homeland Security’s Cybersecurity & Infrastructure Security Agency (CISA) recently went public with a warning to Microsoft Windows users regarding a critical security threat, also known as the BlueKeep vulnerability. This latest report warns that it is now a race against the clock against hackers, which makes this vulnerability a ticking time bomb for businesses. BlueKeep can allow remote code execution on affected operating systems; the exploits that have been developed can crash the computer. Achieving remote code execution puts the severity of the BlueKeep threat into perspective, as it hands control of infected machines to cyber criminals; hackers are using this capability to install ransomware on many operating systems.

Right now, just under 1 million technology systems are vulnerable to BlueKeep by way of port 3389, which is used for the Microsoft Remote Desktop feature. If a cyber criminal attacks a user while they’re using Remote Desktop, the user will be kicked out in order to block the attacker from getting into their systems to distribute viruses and malware. There are countless gateways to many millions more machines that sit on the networks they lead to. An exploit can move quickly within the network, rapidly spreading to anything and everything it can infect in order to replicate. Machines in an Active Directory domain can be attacked as well, even if they have no BlueKeep vulnerability to exploit. The machine running the vulnerable Remote Desktop Protocol is merely the gateway, but once it is compromised, so is everything else on your systems. The U.S. National Security Agency (NSA) urges “Microsoft Windows administrators and users to ensure they are using a patched and updated system in the face of growing threat.” Microsoft itself has twice now published warnings about BlueKeep, including one that was reported as begging users to update their Windows installations.