Ornamental dots. Two rows of three dots. The top row is a light blue. The bottom row is one light blue dot followed by two orange dots. Blog

How to Stay Protected Against BlueKeep and DejaBlue?

Ellen Sundra, VP of Americas, Systems Engineering, Forescout Technologies | September 6, 2019

BlueKeep is still one of the most daunting threats to our systems out there. The vulnerability is still a potential security challenge despite multiple patches released by Microsoft and third parties. Additionally, while fixing the BlueKeep flaw, Microsoft discovered other vulnerabilities, dubbed “DejaBlue”. With the device explosion of IT and OT convergence, and the Internet of Things (IoT) connecting everything everywhere, this could have potentially disastrous effects not only on businesses, but government organizations, smart buildings, and healthcare.

What exactly is BlueKeep? And DejaBlue?

These destructive exploits attack the systems’ Remote Desktop Protocol (RDP), potentially taking control over the device with full user rights. The exploits could potentially view, add, delete and change data. It doesn’t even require much interaction from the user – it can easily spread itself with no action taken. The concern is that this kind of “wormable” cybersecurity outbreak is very similar to the previous WannaCry crisis that caused an estimated $4 billion in damage.

What is being done about it?

Microsoft released a series of updates to their products, but the fact that these vulnerabilities are present in several legacy operating systems makes it more difficult to contain. Older devices are still in service because they serve an irreplaceable or critical function, such as medical devices in healthcare.  Microsoft warned its users to install the security measures immediately, even the National Security Agency (NSA) requested that US citizens to look into the subject.

Which systems are affected?

Any machine running Windows 7, Windows Server 2008 R2, Windows Server 2008, Windows 2003 and Windows XP is said to be vulnerable to the BlueKeep exploit. Computers running Windows 8 or 10 are considered vulnerable to the Deja Blue vulnerability, affecting even the newer machines.

Is my system safe?

Even if this vulnerability does not specifically target your computers or devices because you don’t have RDP turned on, it’s best to make sure to apply the new patches. If you are managing a larger network, look for a tool that helps you with monitoring which devices are impacted, what their security hygiene is, and continuously monitor activity – visibility solutions can determine any unusual activity and apply necessary controls.

How can I learn more?

Cybersecurity companies are updating their solutions to make sure their customers are fully protected. To learn more about the potential risks involved with BlueKeep and hear tips how to prepare a reasonable cybersecurity strategy, watch the BlueKeep: Havoc on the Horizon for Healthcare webinar.

Demo RequestForescout PlatformTop of Page