After NSA and Microsoft, Australia’s top cybersec agency says to patch that Windows Bluekeep bug

The Australian Cyber Security Centre is playing a little catch-up with Microsoft and its own counterpart in the US in warning Australian organizations to patch CVE-2019-0708, the Windows Remote Desktop Services (RDS) bug known as Bluekeep.

On Tuesday, as CSO Online reported, the US National Security Agency strongly urged Windows admins to patch the Bluekeep bug, which Microsoft warned on May 14 was a wormable bug, meaning it could spread automatically from PC to PC without users clicking on anything. 

Microsoft is concerned that the RDS bug could lead to an attack on the scale of WannaCry, the massive ransomware outbreak that happened in May 2017, crippling many systems at the UK’s National Health Service (NHS).  

The RDS bug allows an attacker without valid credentials to connect to a vulnerable system over Remote Desktop Protocol (RDP) and send specially crafted RDP requests. An attacker who exploits the flaw could then execute code of their choice and install malware.  

“This vulnerability is pre-authentication and requires no user interaction. An attacker who successfully exploited this vulnerability could execute arbitrary code on the target system,” Microsoft explained in its initial advisory.  

What makes this bug interesting is that it was reported to Microsoft by the UK’s National Cyber Security Centre (NCSC), an arm of the UK’s spy agency, GCHQ, that helps UK organizations improve cybersecurity. 

WannaCry was made possible by the leak of an NSA exploit dubbed EternalBlue, which exploited old flaws in the Windows SMBv1 protocol that the NSA had not disclosed to Microsoft, potentially for years, while it used them for its own network exploitation activities.

As with the flaws EternalBlue exploited, Microsoft has decided to offer patches for the unsupported Windows XP because of the potential impact the bug could have. At the end of May it even issued a second reminder for Windows admins to patch the flaw.

“As an indication of just how significant the impacts of BlueKeep can be to their customers, Microsoft took the unusual step of publishing advice to warn of its ability to propagate or ‘worm’ through vulnerable computer systems, with no user interaction at all,” the ACSC said in a press release on Wednesday in the wake of the NSA’s advisory. 

The Australian cybersecurity agency says it had already told government and critical infrastructure partners about the threat of Bluekeep and provided “detailed mitigation advice for businesses who rely on legacy Windows operating systems.”