The Microsoft Defender ATP Research Team again this month stressed the importance of patching Windows 7, Windows Server 2008, and Windows Server 2008 R2 against the "BlueKeep" flaw. BlueKeep is the short name given to a vulnerability found in the Remote Desktop Services software. Although the patch was released in May of this year, hundreds of thousands of computers reportedly have not been updated to protect against criminals who continue their crypto-ware attacks using the BlueKeep exploit module for the Metasploit penetration testing framework.
Microsoft is working with security researchers, who are demonstrating that criminals continue to refine their attacks, which last peaked in September. The patch that helps protect against these attacks addresses CVE-2019-0708. Microsoft reports: "It only takes one vulnerable computer connected to the internet to provide a potential gateway into these corporate networks, where advanced malware could spread, infecting computers across the enterprise. This scenario could be even worse for those who have not kept their internal systems updated with the latest fixes, as any future malware may also attempt further exploitation of vulnerabilities that have already been fixed." We couldn't say it better.
Click the graphic below to read an in-depth explanation of BlueKeep and how criminal attacks are layered (i.e. not as simple as you may think), presented by Microsoft.
We recommend that everyone:
patch systems in support of 164.308(a)(5)(ii)(B) "Protection from Malicious Software" (yes, we realize this is technically a training citation), and
monitor systems for anomalous behavior in support of 164.308(a)(1)(ii)(D).
Stay (HIPAA) safe,