“Please Patch Your Windows. Pretty Please?” – Microsoft

Jun 12, 2019 | Cyber Security, IT News

Do you remember WannaCry? Two years ago, it was arguably the most destructive cyberworm in history — shutting down hospitals, banks, transportation and shipping companies. Perhaps one of the most baffling things of all, though, is the fact that WannaCry didn’t exist until two months AFTER Microsoft had already released a patch that would fix the very vulnerability the worm took advantage of.

Now, in 2019, the same thing is happening again with a vulnerability known as BlueKeep. This security risk is so severe that not only did Microsoft update Windows 10, they even went out of their way to patch its deprecated operating systems: Windows 2003, Windows XP and Windows Vista. The critical update was released weeks prior to the writing of this article.

Despite this, almost 1 million internet-connected computers remain vulnerable to the attacks.

The Specifics of BlueKeep

The vulnerability that BlueKeep refers to lies within what’s called the Remote Desktop Protocol, or RDP. It’s a system that allows someone to connect to another computer and operate it remotely as though they were sitting at the desk themselves — think screen sharing, but fully interactive. The problem isn’t exactly with RDP itself, but rather when two vulnerable computers connect to each other in this manner. If one of those computers were infected with something, it would spread. And the kicker is, RDP is built in by default, so it doesn’t matter if a user “wants” to use it or not. The protocol for it is there. RDP servers are built into Windows operating systems, even if the user hasn’t installed the software for making use of it. A nasty worm could exploit this vulnerability, and it’s the vulnerability itself that’s called BlueKeep.

Responsibility and Liability

There often comes a point where a business’s action or inaction causes harm to an individual. In the case of cybersecurity vulnerabilities like this one, though, everyone is harmed. If nothing else, Microsoft has at least done their part to address and fix the issue before a malicious actor could take advantage of it. But users must do their part, too. If you’re running a business and you refuse to patch or are simply in the dark about how and when to do so, you could be opening yourself up to a plethora of legal liability — not to mention the possible destruction of your entire enterprise, the security of your employees, your clients and customers, and on and on.

These are not scare tactics designed to frighten you into hiring us. They’re uncomfortable truths packaged together with all-too-relevant social responsibility. Even if you DON’T hire us, please, patch your Windows.

Pretty please?

Since 1995, Manassas Park, VA-based V2 Systems has employed local systems administrators, network engineers, security consultants, help desk technicians and partnering companies to meet a wide range of clients’ IT needs, from research, to implementation, to maintenance. Concentrate on your VISION…We’ll handle the TECHNOLOGY!
