The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an Activity Alert to provide information on a vulnerability, known as “BlueKeep,” that exists in Microsoft Windows 7, Windows XP, Windows Server 2008, and some earlier operating systems. If you might be affected, read on for recommendations.
What is BlueKeep? BlueKeep is a security vulnerability in the Windows Remote Desktop Protocol (RDP). An attacker can exploit it to perform remote code execution on an unprotected system, potentially adding user accounts, viewing, changing, or deleting data, and installing programs. BlueKeep is considered "wormable," because it could propagate to other vulnerable systems.
For Ongoing Protection, Enable Windows Updates (Windows 7 and Server 2008). Microsoft released security updates to patch this vulnerability a month ago, so if you are running Windows 7 or Server 2008 and have not changed the update settings on your SpeedLine stations, the update should have been automatically installed. If your store has disabled automatic Windows updates, you should run the updater immediately (see steps below).
To check for updates (Windows 7):
- Click the Start menu icon.
- In the search bar, type "Windows update."
- Click the Windows Update program in the search results.
- If automatic updating is off, click Turn on now (click View advanced options to customize the updates).
- Click OK. Your computer will check for available updates online, and will download and install the BlueKeep patch if it was not installed previously.
Install available patches (Windows XP, 2003, or Vista). For operating systems that are no longer officially supported, including Windows Vista, Windows XP, and Windows Server 2003, Microsoft has released patches. You can download a patch for your older operating system and install it.