Days ago, Microsoft made public a critical security breach. This vulnerability threatens the following operating systems:
- Windows XP;
- Windows 7 ;
- Windows Server 2003;
- Windows Server 2008;
- Windows Server 2008 R2.
Dubbed "BlueKeep" and referenced under the code CVE-2019-0708, this vulnerability is located in the standard RDP (Remote Desktop Protocol) component. Present in all Windows installations, it allows you to connect to a server in a secure way.
What are the risks if you take no action?
This critical flaw allows a third party to take control (via the RDP component) of a vulnerable server, remotely and without the need for authentication. All data and applications hosted on a vulnerable server could be compromised.
What can you do about it?
Microsoft has already released a patch. We strongly recommend that you apply the patch, provided by Microsoft, as soon as possible to any and all of your servers that use the Windows versions listed above.
To do this, simply launch Windows Update and make sure the system is up to date.
Microsoft provides you with a detailed security bulletin available at the following address:
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-0708
Thursday, May 14, 2015