The Australian Cyber Security Centre has received reports that hackers are using a security vulnerability called BlueKeep to install malicious software on devices using older versions of Windows.
This follows on from the Stay Smart Online Alerts issued in August and May, urging users of pre-Windows 10 operating systems to update their software immediately to protect against this vulnerability.
Hackers can use the BlueKeep vulnerability as the access point into computers and devices that don’t have the latest software updates.
Once they have gained access through the BlueKeep vulnerability, cybercriminals can install malicious software that mines virtual currency (known as cryptomining), install ransomware that locks up your data, or steal your personal or financial information.
Does it affect me?
Any organisation or business that uses older versions of Microsoft software is at risk. Microsoft has provided free patches for vulnerable software versions including Windows 7, Windows Server 2008 R2, and Windows Server 2008, as well as for out-of-support systems including Windows 2003 and Windows XP.
How do I stay safe?
If you run Windows software that is older than Windows 10, take a minute to download the free updates (“patches”) available from Microsoft to fix the vulnerability. A few minutes spent patching now could save you or your business weeks or months repairing the damage caused by a cybercriminal.
If you’re a business and you use Remote Desktop Protocol (RDP), for example for remote administration, it is essential that you apply the relevant patches and implement the other mitigation advice provided by the ACSC: Bluekeep Advisory - CVE-2019-0708.
In particular, Windows users shouldn’t access RDP directly from the internet. Use a Virtual Private Network with two-factor authentication if RDP is required, whichever version of Windows you are running.