The Australian Cyber Security Centre (ACSC) has issued a warning to organisations using older Windows operating systems to protect themselves from a Remote Desktop vulnerability tracked as CVE-2019-0708, also known as BlueKeep.
In a statement, the ACSC said Microsoft had taken the unusual step of publishing advice to warn of BlueKeep’s ability to propagate or ‘worm’ through vulnerable computer systems, even when they were not being used.
The ACSC said that with potentially millions of networks vulnerable, it was notifying smaller entities and owners and operators of businesses around Australia of the need to patch their systems as soon as possible.
“Every few years there is a software vulnerability that has the potential for significant, widespread harm around the world,” ACSC said.
It noted that in 2017 a form of ransomware called WannaCry disrupted the British National Health Service and crippled automotive and telecommunications companies in Europe.
“Impacts to the global economy may never be fully understood, but estimates suggest hundreds of millions of dollars in lost revenue and repair bills,” it said.
“Today the BlueKeep vulnerability is readily available to cyber criminals who seek to exploit vulnerable systems en masse.”
It said criminal groups were not necessarily targeting unsuspecting users; they were simply sweeping the landscape for vulnerable, outdated systems that were easily penetrable.
“Microsoft’s advisory provides fixes for vulnerable in-support systems including Windows 7, Windows Server 2008 R2, and Windows Server 2008 and out-of-support systems including Windows 2003 and Windows XP,” ACSC said.
It advised Windows users to deny access to Remote Desktop Protocol (RDP) directly from the internet; block all access to RDP; and utilise a Virtual Private Network (VPN) with multifactor authentication, if internet-based access to RDP is required.
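The host-level part of that advice, expressed as an added example rather than anything published by the ACSC or Microsoft: audit which Windows Firewall rules currently allow inbound RDP, then replace them with a rule scoped to the VPN client range so that RDP is never reachable directly from the internet. The VPN range 10.8.0.0/24 is an assumed placeholder.

```powershell
# Added example, not from the advisory. Run in an elevated PowerShell session.
# ASSUMPTION: VPN clients receive addresses from 10.8.0.0/24; change to your own pool.
$VpnSubnet = '10.8.0.0/24'
$RdpPort   = 3389

# 1. Report whether Remote Desktop is enabled at all on this host.
#    fDenyTSConnections = 0 means incoming RDP connections are allowed.
$ts = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server' -Name fDenyTSConnections
if ($ts.fDenyTSConnections -eq 0) {
    Write-Output 'RDP is enabled on this host.'
} else {
    Write-Output 'RDP is disabled on this host; no inbound 3389 exposure via Terminal Services.'
}

# 2. Find every enabled inbound Allow rule for TCP 3389 and print its remote-address scope.
#    A scope of "Any" means the rule would accept RDP from the internet if the host is reachable.
$rdpRules = Get-NetFirewallPortFilter |
    Where-Object { $_.Protocol -eq 'TCP' -and $_.LocalPort -eq $RdpPort } |
    Get-NetFirewallRule |
    Where-Object { $_.Direction -eq 'Inbound' -and $_.Enabled -eq 'True' -and $_.Action -eq 'Allow' }

foreach ($rule in $rdpRules) {
    $scope = ($rule | Get-NetFirewallAddressFilter).RemoteAddress
    Write-Output ("Allow rule '{0}' accepts RDP from: {1}" -f $rule.DisplayName, ($scope -join ', '))
}

# 3. Disable the broad rules found above and add a single rule limited to the VPN range.
$rdpRules | Disable-NetFirewallRule
New-NetFirewallRule -DisplayName 'RDP (VPN clients only)' -Direction Inbound `
    -Protocol TCP -LocalPort $RdpPort -RemoteAddress $VpnSubnet -Action Allow | Out-Null

# 4. Make sure the firewall's default inbound action is Block on every profile, so any
#    source not matched by the VPN-scoped rule (including the internet) is dropped.
Set-NetFirewallProfile -Profile Domain, Private, Public -DefaultInboundAction Block
Write-Output ("Inbound RDP is now limited to {0}; all other sources fall through to the default Block." -f $VpnSubnet)
```

This only hardens the individual host; the ACSC advice also applies at the network perimeter, where TCP 3389 should not be forwarded from the internet at all, and the patch itself remains the primary fix.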
Information on protecting Remote Desktop Protocol can be accessed on the ACSC website at this PS News link.