The BlueKeep vulnerability, tracked as CVE-2019-0708, is being actively used against hospitals and medical institutions. It is a dangerous flaw in recent versions of the Microsoft Windows operating system, including the embedded releases, and successful exploitation allows attackers to carry out remote code execution attacks.
The BlueKeep Vulnerability Tracked In The CVE-2019-0708 Is Actively Used Against Hospitals
A flaw in the Microsoft Windows operating system, tracked in the CVE-2019-0708 advisory, is being used by hackers to intrude into hospitals and medical institutions. It is known as the BlueKeep vulnerability and presents a dangerous threat affecting all modern versions of the Microsoft Windows operating system: both the desktop releases and those made for embedded devices and servers. Abuse of the flaw allows the hackers to carry out remote code execution attacks. Attackers first check whether the RDP port (TCP 3389) is reachable from the Internet and the Remote Desktop service is turned on; when both conditions are met and the system has not been patched against the flaw, it can easily fall victim to the threat. What makes it more dangerous is that the flaw is wormable, so an attack can spread across the network from computer to computer.
The description of the CVE-2019-0708 advisory is the following:
A remote code execution vulnerability exists in Remote Desktop Services formerly known as Terminal Services when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka ‘Remote Desktop Services Remote Code Execution Vulnerability’.
So far the majority of the attacks appear to target hospitals. The reason is that they contain hundreds of devices running unpatched versions of Windows, usually for compatibility with the medical equipment connected to the computers. Depending on the campaign, the following behaviour can be observed after an intrusion:
- The infected devices can be recruited into a worldwide botnet
- Using the BlueKeep vulnerability, all kinds of malware can be installed on the victim machines
- Various system settings can be changed as soon as the vulnerability is exploited
Microsoft released patches for the affected operating systems in its regular security bulletins, which is why we advise all users to always apply the latest updates. Another piece of advice is to disable the Remote Desktop service if it is not explicitly needed. Workstations can also be placed behind dedicated gateways that carry a signature for the exploit in order to block it.
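The two exposure conditions named above (Remote Desktop service on, port 3389 listening) and the "disable it if not needed" advice can be audited on a single host with the following script. This is an added example written for this article, not code from the article or from Microsoft; the cmdlets and registry paths are standard Windows ones, while the `-Disable` switch and the output fields are this script's own. It also reports whether Network Level Authentication is required, which Microsoft's advisory lists as a partial mitigation not covered in the article.

```powershell
# Added example: audit (and optionally disable) Remote Desktop on the local host.
# Only uses commands that exist on every release BlueKeep affects, including
# Windows 7 / Server 2008, so netstat and netsh are used instead of newer cmdlets.
param(
    [switch]$Disable   # when set, turn off RDP, block its firewall rules and stop the service
)

$tsKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdpTcp = "$tsKey\WinStations\RDP-Tcp"

# fDenyTSConnections = 1 means Remote Desktop is disabled at the OS level
$denied = (Get-ItemProperty -Path $tsKey -Name fDenyTSConnections).fDenyTSConnections
# UserAuthentication = 1 means Network Level Authentication is required: the client must
# authenticate before reaching the pre-authentication RDP code path (Microsoft lists NLA
# as a partial mitigation for CVE-2019-0708; patching is still required)
$nla    = (Get-ItemProperty -Path $rdpTcp -Name UserAuthentication -ErrorAction SilentlyContinue).UserAuthentication
$svc    = Get-Service -Name TermService
# Any socket listening on 3389 means the vulnerable service is reachable on the network
$listen = netstat -ano | Select-String -Pattern ':3389\s+\S+\s+LISTENING'

[pscustomobject]@{
    Host            = $env:COMPUTERNAME
    RdpEnabled      = ($denied -eq 0)
    NlaRequired     = ($nla -eq 1)
    ServiceStatus   = $svc.Status
    ListeningOn3389 = [bool]$listen
} | Format-List

if ($Disable) {
    # Deny RDP connections, drop the built-in inbound firewall rule group and stop the service
    Set-ItemProperty -Path $tsKey -Name fDenyTSConnections -Value 1
    netsh advfirewall firewall set rule group="remote desktop" new enable=No | Out-Null
    Stop-Service -Name TermService -Force
    Write-Output 'Remote Desktop disabled; re-run without -Disable to verify.'
}
```

Run it from an elevated PowerShell prompt; the audit fields alone are enough to spot the "service on, port reachable, not patched" combination described above on hosts that were believed to be RDP-free.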