"If you haven’t yet patched the BlueKeep RDP vulnerability, do so now"

There is still no public, working exploit code for CVE-2019-0708. The BlueKeep RDP vulnerability is a flaw that could allow an unauthenticated remote attacker to execute remote code on a vulnerable target running Remote Desktop Protocol (RDP). Microsoft has created a patch, to fix the problem. One should implement the patch as soon as possible to protect their computers. If one cannot install the new patches, then the following should be completed to help protect from the flaw. One can Disable RDP services if they are not required, also one can block port 3389 (standard RDP port) at the enterprise perimeter firewall or configure RDP to be only accessible via a VPN or via devices on the LAN, ThDeploy IDS/IPS rules to detect the exploit. One should also enable Network Level Authentication (NLA) – this is a partial mitigation, as affected systems are still vulnerable to RCE exploitation if the attacker can authenticate with valid credentials.

HELPNETSECURITY reports: "If you haven’t yet patched the BlueKeep RDP vulnerability, do so now"

Submitted by Anonymous on Thu, 05/23/2019 - 14:25