CISA issues an activity alert for the 'Bluekeep' exploit

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an activity alert to raise awareness about a vulnerability called 'BlueKeep'. The BlueKeep vulnerability is known to be capable of enabling remote code execution on a vulnerable device.

BlueKeep’s reach though is limited to several Microsoft Windows OSs including both 32-bit and 64-bit versions of Windows 2000, Windows Vista, Windows XP, Windows 7, Windows Server 2003, Windows Server 2003 R2, Windows Server 2008 and Windows Server 2008 R2. Homeland Security’s cyber agency in its activity alert named the alert as CVE-2019-0708. The vulnerability exists within Remote Desktop Protocol (RDP) which is used by Microsoft Windows OS.

The CISA believes that the exploit is capable of spreading as rapidly as the dangerous WannaCry malware attacks which affected thousands of systems in 2017. Last month, Microsoft had released patches for the vulnerability. Patches were also released for the Windows Vista, Windows XP, and Windows Server 2003 which are no longer officially supported by the company.

CISA further has asked the users and administrators to test the patches before installation. To mitigate the threat from the exploit CISA has asked users to upgrade end-of-life OSs, disable unnecessary services, enable network level authentication, and block Transmission Control Protocol (TCP) port 3389 at the enterprise perimeter firewall.