CISA says it has tested BlueKeep on a machine running Windows 2000 and achieved remote code execution. The agency has advised users and administrators to install available patches, upgrade their operating system, disable unnecessary services, enable Network Level Authentication (NLA) if available, and block TCP port 3389 at the perimeter firewall.
CISA’s alert comes less than two weeks after the U.S. National Security Agency (NSA) urged users and administrators to take action to mitigate the BlueKeep vulnerability.
Many experts agree that it’s only a matter of time until CVE-2019-0708 is exploited in the wild. An increasing number of proof-of-concept (PoC) exploits have been developed, but a weaponized and fully working exploit that can achieve remote code execution has yet to be made public.
Leave a reply