It’s Not BlueKeep and It’s Not Spreading Yet – But Listen Up!
We have received several emails from folks who have read dire, scary warnings that “800 million” Windows 10 computers are vulnerable to BlueKeep. That’s simply not true. Here’s why: Windows 10 is not vulnerable to BlueKeep. It is, however, vulnerable to two BlueKeep-like “wormable attacks” that can spread from computer to computer.
But the way the articles were written made it sound like 800 million Windows 10 computers were on the front lines of a major wormable attack. This kind of “the-sky-is-falling” journalism certainly attracts readers and keeps the revenue rolling in, but it doesn’t help keep people safer. Panic is always logic’s worst enemy.
Sure, the vulnerability is real, but it’s not spreading yet. Not a single computer “in the wild” (generally meaning Windows computers connected to the Internet) has been infected yet, but it’s coming, and it’s only a matter of time.
There’s no need to panic. If you’re using Windows 10, you’ll get the patches automatically via Windows Update.
Here’s an article from ZDNet (August 13, 2019):
Microsoft said today it patched two new major security flaws in the Windows Desktop Services package.
These two vulnerabilities are similar to the vulnerability known as BlueKeep (CVE-2019-0708). Microsoft patched BlueKeep in May and warned that attackers could abuse it to create “wormable” attacks that spread from one computer to another without user interaction.
Today, Microsoft said it patched two other BlueKeep-like security flaws, namely CVE-2019-1181 and CVE-2019-1182.
Just like BlueKeep, these two new bugs are wormable, and they also reside in the Windows Remote Desktop Services (RDS) package.
Unlike BlueKeep, these two cannot be exploited via the Remote Desktop Protocol (RDP), which is normally part of the bigger RDS package.
“The affected versions of Windows are Windows 7 SP1, Windows Server 2008 R2 SP1, Windows Server 2012, Windows 8.1, Windows Server 2012 R2, and all supported versions of Windows 10, including server versions,” said Simon Pope, Director of Incident Response at the Microsoft Security Response Center (MSRC).
“Windows XP, Windows Server 2003, and Windows Server 2008 are not affected,” he said.
Pope said Microsoft found these vulnerabilities internally, while trying to harden and improve the security posture of the RDS package…
Before you read more into that than there is and wish you had stayed with Windows XP, remember that XP was vulnerable to BlueKeep. To prevent BlueKeep from spreading from infected machines to other vulnerable machines, Microsoft patched Windows XP computers, even though XP has long since passed its end-of-life date.
The moral of the story? It’s OK to delay version updates (like updating from Windows 10 Version 1809 to Version 1903), but it’s not OK to prevent or delay regular Windows Updates. Regular Windows updates are important because they often contain security patches and bug fixes. So, delay version updates if you wish, but make sure you install all other Windows updates.