Fix the Critical Remote Code Execution Vulnerability with BlueKeep Patch
Microsoft is urging all users of computers running Windows 7 and earlier to patch their systems against a new vulnerability called BlueKeep. Security researchers around the world are comparing BlueKeep to the EternalBlue vulnerability from a few years ago, which was exploited by ransomware such as WannaCry and NotPetya.
BlueKeep is a security vulnerability in RDS (remote desktop services) that affects Windows 7 SP1, Windows Server 2003, Windows XP, Windows Server 2008 and Windows Server 2008 R2. This may affect all of the service packs for a system, for example, both Windows 7 and Windows 7 SP1, but Microsoft is providing patches only for the latest service packs.
In order to disable remote desktop connections on your Windows PC, you can download enable-disable-remote-connections.zip, extract its contents to a folder and double-click on disable-remote-connections.reg. Similarly, you can re-enable remote desktop connections by merging enable-remote-connections.reg in your system. Alternatively, you can press Win+Pause, choose Advanced system settings, choose Remote tab and disable all the settings for remote connections.
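The following PowerShell is an added example, not part of the original page and not the contents of the .reg files it describes. It does the same job as those files on Windows 7 / Server 2008 era systems: it toggles the fDenyTSConnections value that Remote Desktop reads, reports the current listener port (the value changed by the workaround of moving RDP to another port), and checks whether a given update is installed. The registry paths and value names are the standard ones; the firewall rule group name "Remote Desktop" and the use of netsh (available on Windows 7, unlike the newer NetSecurity cmdlets) are assumptions, and the KB identifier is a placeholder you must fill in from the Microsoft advisory. Run it from an elevated prompt.

```powershell
# Added example, not from the original page or its sources.
# Registry locations Remote Desktop reads on Windows 7 / Server 2008.
$TsKey       = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$ListenerKey = "$TsKey\WinStations\RDP-Tcp"

function Get-RdpStatus {
    # Reports whether Remote Desktop is enabled (fDenyTSConnections = 0),
    # which TCP port the RDP-Tcp listener uses, and the service state.
    $deny = (Get-ItemProperty -Path $TsKey -Name fDenyTSConnections -ErrorAction Stop).fDenyTSConnections
    $port = (Get-ItemProperty -Path $ListenerKey -Name PortNumber -ErrorAction Stop).PortNumber
    $svc  = Get-Service -Name TermService -ErrorAction SilentlyContinue
    $state = 'NotFound'
    if ($svc) { $state = $svc.Status }
    # New-Object is used instead of [pscustomobject] so this runs on PowerShell 2.0 (Windows 7).
    New-Object PSObject -Property @{
        RemoteDesktopEnabled = ($deny -eq 0)
        ListenerPort         = $port
        ServiceStatus        = $state
    }
}

function Disable-RemoteDesktop {
    # Same effect as merging disable-remote-connections.reg, plus closing the
    # firewall rule group so nothing can reach the listener while it is off.
    Set-ItemProperty -Path $TsKey -Name fDenyTSConnections -Value 1 -Type DWord
    # Assumption: the built-in rule group is named "remote desktop" on this system.
    netsh advfirewall firewall set rule group="remote desktop" new enable=no | Out-Null
}

function Enable-RemoteDesktop {
    # Same effect as merging enable-remote-connections.reg.
    Set-ItemProperty -Path $TsKey -Name fDenyTSConnections -Value 0 -Type DWord
    netsh advfirewall firewall set rule group="remote desktop" new enable=yes | Out-Null
}

function Test-UpdateInstalled {
    # Returns $true if the named update appears in the installed hotfix list.
    # The KB number is not on the page; replace the placeholder with the one
    # from the Microsoft advisory for your OS.
    param([string]$KbId = 'KB0000000')   # placeholder, not a real update id
    $hotfix = Get-HotFix -Id $KbId -ErrorAction SilentlyContinue
    return [bool]$hotfix
}

# Usage: inspect, then decide.
Get-RdpStatus | Format-List
if (-not (Test-UpdateInstalled -KbId 'KB0000000')) {
    Write-Warning 'Update not found; disabling Remote Desktop until it is applied.'
    Disable-RemoteDesktop
}
```

A change to fDenyTSConnections takes effect without a reboot, but an existing session stays connected until it is closed, so check Get-RdpStatus again after disconnecting. Re-enable with Enable-RemoteDesktop only once Test-UpdateInstalled reports the patch is present.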
If you're still on Windows 7 or earlier, you need to make sure you have a recent security patch installed as soon as possible. It fixes a very serious operating system exploit, dubbed "BlueKeep". Note that a firewall and antivirus will not block operating system exploits, which is why using an unsupported operating system is incredibly dangerous.
The risks are so severe that Microsoft not only issued patches for Windows 7 and Vista, but even a patch for XP. That's incredibly rare these days, as Microsoft has long since stopped issuing patches for XP, partly to avoid creating a false sense of security among people who still run it.
One security researcher 'robertdavidgraham' has created a tool called 'rdpscan.exe' (available via .ZIP file) to scan the Internet for machines vulnerable to attacks exploiting the bug. At the time of writing, he found more than 900,000 computers without the patch in place. (Source: wired.com).
For Windows 7 and Windows Server 2008 / R2 users: you have two choices when it comes to patching the system. You either download the 'monthly rollup' or the 'security only' update. Either is fine, though the 'security only' update is smaller than the 'monthly rollup' (approximately 80 MB vs 300 MB). Both options are available here. If you are running Windows 7 now and you have Windows Update set to automatic, you likely already have the patch installed.
Given the potential impact to customers and their businesses, we made the decision to make security updates available for platforms that are no longer in mainstream support (see download links in the following table). These updates are available from the Microsoft Update Catalog only. We recommend that customers running one of these operating systems download and install the update as soon as possible.
Microsoft has not released patches for Windows Vista, despite this version also being affected by the vulnerability. The only solution here is to disable Remote Desktop Protocol (RDP) completely or only allow its use when accessed via VPN.
The BlueKeep case bears a strong resemblance to the events from two years ago. On March 14th, 2017, Microsoft released fixes for a wormable vulnerability in the Server Message Block (SMB) protocol, advising all users to patch their Windows machines immediately.
Microsoft issued a second warning for users of older Windows releases to patch their systems to block potential attackers from abusing the critical Remote Desktop Services (RDS) remote code execution vulnerability dubbed BlueKeep.
The first time, Microsoft issued a security fix designed to protect Windows computers running vulnerable RDS installations and block any malware capable of exploiting the flaw tracked as CVE-2019-0708 and of propagating between unpatched machines.
According to Pope, even though users had almost 60 days to patch after Microsoft issued a security update for the SMBv1 vulnerabilities, a lot of machines were left unpatched, which led to them getting infected with ransomware after the ShadowBrokers publicly released the EternalBlue wormable exploit in April 2017.
The 0patch platform also issued a fix for BlueKeep, in the form of a 22-instruction micropatch that can be used to protect always-on servers against exploitation attempts without having to reboot the machines.
That's because smaller businesses may not have updated their systems in years. Jack said that could include organizations like smaller banks, which may have ATMs that are at risk without the patch. On someone's personal computer, Jack warns hackers could get in and hold their files hostage or steal their financial information.
I was wrong. Upon reboot (required) after the installation of the patch, the server failed to boot, hanging at first startup (after POST), with only a cursor available on the screen. To fix it, I had to restore the server from backup. As a temporary solution I've changed the port to which RDP listens for connections.
Thank you for that. I haven't implemented the latest SSU in order to test whether this patch will install correctly or not, however, I'm going to mark this as answered until further notice (e.g., if the SSU kills the OS upon installation).
Corporate users and administrators appreciate the lightness and simplicity of 0patch, as it is shortening the patch deployment time from months to just hours. Reviewing tiny micropatches is inexpensive, and the ability to instantly apply and remove them locally or remotely significantly simplifies production testing.
0patch Agent, our mighty little patching machine, watches over all processes running on the computer. When any one of them is found to have a patch available, that patch is immediately applied to the process in memory without disturbing that process.
Microsoft urges its customers on the old systems to apply the patches and take the precautionary measures recommended by the security experts. The NSA also issued a cyber security advisory on June 4th to urge users to apply the patches provided by Microsoft to vulnerable PCs. The NSA also recommends the following additional measures:
Now is a good time to make sure that your Windows computers, particularly lab workstations and scientific instrument controllers, are fully patched. In particular, any computers that are connected to the campus network and running remote access services must be kept up to date on security patches. A security incident with your computer or lab device can result in severe disruption of your work, including potential data loss due to ransomware.
While restricting access to Remote Desktop at the network level can help mitigate this vulnerability, it is not a substitute for patching, as a vulnerable system could still be completely compromised via an infected computer on the same network. If the patch cannot be applied right away, consider disabling Remote Desktop entirely until patching is feasible.
If you are running a system that cannot be patched, disable Remote Desktop and do not run remote access services of any kind on unpatchable, vulnerable systems. Contact Information Security if you need guidance about how to secure such systems.
Dubbed BlueKeep, the Remote Desktop Protocol (RDP) vulnerability is so potentially dangerous that both Microsoft and the National Security Agency (NSA) have issued advisories about its existence. Microsoft has written two blog posts on the topic, while the NSA has gone so far as to say that the terrorist organization ISIS is actively exploring ways to exploit BlueKeep. Meanwhile, the Department of Homeland Security is encouraging everyone to patch their systems now.
Most troubling, WannaCry spread because thousands of systems went unpatched. Several weeks after BlueKeep was discovered, close to one million systems with RDP exposed to the internet remain unpatched.
We remind you nonetheless of the importance of applying the corresponding Microsoft patches indicated in the Support article, to close the door permanently to the exploitation of this type of vulnerability.
We want to emphasize the importance of protecting your systems from cyberattacks. In this specific case, we recommend patching all computers with RDP resources and installing a suitable security solution to keep your infrastructure fully updated. Security solutions such as Panda Patch Management, which manages vulnerabilities and their corresponding updates and patches for both operating systems and hundreds of applications, or Panda Systems Management, which manages, monitors and maintains all the devices in your organization, are highly effective for this purpose.
In the case of WannaCry, the initial outbreak occurred around 60 days after the patch was released by Microsoft in 2017. As of today, we are 22 days out from the Microsoft patch release for BlueKeep. You need to have a process in place to expedite highly critical patches such as the BlueKeep patch.
BlueKeep was originally limited to researchers modeling the risk, but in November 2019, it emerged that attackers were using it to install cryptocurrency mining code. The attack, discovered by British researcher Kevin Beaumont, was found through honeypots he created to notify of any exploits of the vulnerability. The attacks used a demo exploit code that attempted to install a cryptominer onto unpatched devices. However, they were flawed as they only crashed computers rather than successfully installing the code.