Several weeks later, the National Security Agency warned that BlueKeep could be “exploited and weaponized by malware.” It was a similarly unusual announcement.
What Is BlueKeep?
BlueKeep was discovered in Microsoft’s Remote Desktop Protocol (RDP), a feature that is used regularly to allow users to control computers being used remotely. BlueKeep is potentially “wormable,” meaning it could be exploited to run code on every machine connected to an RDP, without needing a username or password. A self-propagating worm could launch on almost 1 million machines, according to Microsoft estimates.
What Systems Can the BlueKeep Vulnerability Affect?
Microsoft’s issued patches for older systems, including those from Windows XP to Server 2008 R2. Included in those patches are those for operating systems such as Windows XP and Windows 7 that are no longer supported or for which support will cease in January 2020.
Why Is the BlueKeep Virus So Dangerous?
BlueKeep is so risky because of the ease in which a launched attack could allow control for machines throughout an organization quickly. “It is more of a mobile virus. It’s the kind of virus that once it infects a network it worms its way through the entire network before it actually starts its destructive behavior,” explained Luis Alvarez, founder of the Alvarez Technology Group, a leading IT security and managed services company, in a recent video.
Why Did the NSA Issue an Alert?
The NSA alert was issued to protect against a repeat of the WannaCry virus of 2017 that disrupted millions of computers worldwide. The BlueKeep vulnerability is very similar to the EternalBlue vulnerability that allowed WannaCry to wreak havoc.
What Can BlueKeep Do To Infected Computers?
Turn them into bricks, which means your computer cannot be fixed through normal means. The computer won’t power on or the OS will not launch. In some cases, it’s impossible to install a new operating system,
However, that’s just part of the disruption BlueKeep can cause. As Alvarez explains, BlueKeep can act like typical ransomware and encrypt your data files. It has also been known to encrypt system files and DLL files.
“It can literally brick your PC and force you to basically wipe everything out and start from scratch,” Alvarez said.
What Can Users Do to Combat the Virus?
Microsoft and the NSA are urging users to install the patch. Microsoft is also encouraging users to its latest operating system, Windows 10. That OS and Windows 8 are not affected by the BlueKeep vulnerability.
Alvarez Technology Group helps clients throughout the Salinas area assess and improve their network security. Our comprehensive security services protect your data and hardware from vulnerability like BlueKeep with constant monitoring and automated patching. To schedule an initial IT security consultation, contact one of our IT security experts today.
