2019 has not been the best time for Microsoft computers – threats affecting multiple Windows operating systems were repeatedly uncovered both internally and externally between May and June. The most critical vulnerability found is a Remote Desktop Protocol (RDP) error being called BlueKeep (or CVE-2019-0708), which has been deemed so serious that government security agencies have stepped in to warn affected users. Other threats include other remote access flaws, bug-causing updates, and a new malware campaign using Microsoft file attachments such as Excel.
BlueKeep is a Remote Code Execution vulnerability that could allow attackers to connect to a Windows system over RDP and essentially trick it into treating them as an authenticated user, letting them run their own code, install malware or modify system data. BlueKeep affects all Windows operating systems from Windows 2000 through Windows 7, including XP, Vista, and Windows Server 2008.
The real danger of this exploit is that it is “wormable,” meaning it could propagate in the manner of a worm and spread itself across many computers without user interaction. This is how the destructive WannaCry ransomware managed to infect tens of thousands of machines in dozens of countries, and Microsoft has warned that it is only a matter of time until attackers find a way to exploit the bug.
NSA & CISA Also Release Alerts for BlueKeep
The potential damage of a widespread BlueKeep attack is so significant that even after Microsoft released multiple updates and alerts, the National Security Agency and the Cybersecurity and Infrastructure Security Agency (CISA, a division of DHS) sent out their own warnings. The NSA’s involvement in particular has set off alarm bells for some observers, who believe it implies knowledge of lurking threats the agency is not at liberty to reveal publicly.
Excel Malware Campaign
While there has been no sign of a BlueKeep ransomware package yet, Microsoft has identified several other campaigns targeting or using its products. The latest uses macro functions in Excel attachments to get past patched Windows computers and deliver a trojan. The malware has been identified as the previously seen FlawedAmmyy, a remote access trojan that also grants attackers remote control and first appeared in 2016 compromising systems in the finance and retail sectors.
Dell SupportAssist Vulnerability
Another Remote Code Execution bug besides BlueKeep appeared in the same time period, though it has not received the same level of alarm from Microsoft. Computer manufacturer Dell, whose hardware is affected by the exploit, released its own warning alerting users to the presence of the vulnerability. The vulnerable program ships with multiple PC brands, though, and is often repackaged under different names depending on the manufacturer.
Updates, Backups, and a Zero-Day Exploit in Windows 10
As if remote access bugs and a targeted Excel malware campaign were not enough, Microsoft was forced to release a few more warnings about recent updates that created a whole new wave of bugs. More disconcerting is that some of these bugs were originally intentional design changes in Windows 10, like the removal of automatic Registry backups. Microsoft has now been forced to release an alert notifying the 800 million affected users of the change so that they can restore this valuable function.
Adding to this pile of bad news was a public revelation from one of Google’s Project Zero security researchers about a zero-day bug in a Windows program. Though the vulnerability was classified as low severity because of the effort an attacker would have to commit to exploiting it, the end result would allow them to execute a serious denial-of-service (DoS) attack on any Windows 8 or 10 system.
What Should I Do About All These Windows Vulnerabilities?
The bugs highlighted here fall into two categories: they either arrived in updates or were present from the start. This highlights a crucial trend that appears in both hardware and software – technology will never be perfect. Increasingly complex machines powered by millions of lines of code are bound to contain at least a few errors. The only reliable method of defense is human monitoring and maintenance: applying patches promptly and keeping track of which systems are still exposed.
Learn How to Attain the Best Windows Defense Strategy
Microsoft products are the most popular in both personal computing and enterprise applications; this is also why they are among the most frequently attacked. Don’t take this news to mean you have to throw out your Windows PCs, though. Instead, invest in making sure your network is protected against these threats.
Sign up for a Network Vulnerability Test from SWK to find out if your system is in danger of being compromised.