Guard against BlueKeep
Vulnerable Windows OS: XP, Vista, 7, Server 2003, and Server 2008
When an unauthenticated attacker connects to the target system using RDP and sends a specially crafted request, they can execute a remote code vulnerability that exists in Remote Desktop Services on older Windows OS versions. This allows the attacker to install programs, modify data, and even create new accounts with full administrative privileges.
Impact:
“BlueKeep is considered a ‘worm-able’ because the malware exploiting this vulnerability on a system could propagate to other vulnerable systems; thus, a BlueKeep exploit would be capable of rapidly spreading in a fashion similar to the WannaCry malware attacks of 2017,…” as CISA explains.
Mitigation (On Host Device):
1.Install Microsoft Patches
Microsoft has released official security patches for this vulnerability.
2.Upgrade End-of-Life OS
Upgrade any End-of-Life Windows OS to the latest OS such as Windows 10.
3.Disable Remote Desktop Service
If not in use, disable Remote Desktop Service. This will limit exposure to the vulnerability.
4.Enable Network Level Authentication
Enabling Network Level Authentication forces a session request to be authenticated and effectively mitigates against BlueKeep, as the exploit of the vulnerability requires an unauthenticated session.
Mitigation (On Network):
1.Block TCP port 3389 at the perimeter firewall
Port 3389 is used to initiate RDP sessions, block this port prevents attackers from exploiting BlueKeep.
2.Access Intranet service through VPN
Leveraging VPN technology for remote access to internal network prevents unauthorized outside access.
3.Deploy advanced protection
A reliable multi-layered security solution can detect and mitigate the attacks exploiting the flow on the network level. Zyxel ZyWALL ATP serial firewall uses its IDP and reputation filter security features to block malicious network attacks.
Revision history
2018-07-10: Initial release
Comments
-
It is really great that a security issue of a non Zyxel device could be commented here.
I was informed outside this forum, but i think that other forum colleagues could not be informed.
So, great step Zyxel ... from my point of view this new forum section should be maintained to talk about any security flaw, no matter it is a Zyxel flaw or not.
Thanks guys 😀
2
Categories
- All Categories
- 415 Beta Program
- 2.4K Nebula
- 148 Nebula Ideas
- 96 Nebula Status and Incidents
- 5.7K Security
- 262 USG FLEX H Series
- 271 Security Ideas
- 1.4K Switch
- 74 Switch Ideas
- 1.1K Wireless
- 40 Wireless Ideas
- 6.4K Consumer Product
- 249 Service & License
- 387 News and Release
- 84 Security Advisories
- 29 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.5K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 85 About Community
- 73 Security Highlight