“Aware of malicious activity that indicates potential widespread abuse”.
The Australian Signals Directorate’s Australian Cyber Security Centre (ACSC) has issued a late evening warning to business and government that a recently revealed legacy Windows exploit has jumped ‘research’ quarantine and is expected to start fanging victims imminently.
“A security researcher under the Twitter handle @zerosum0x0 has recently disclosed his Remote Desktop Protocol (RDP) exploit for the BlueKeep vulnerability to Metasploit,” ACSC said in an alert.
“The disclosure, once made available to the public, is anticipated to increase the amount of RDP scanning actively, increasing the chances of attempted exploitation of unpatched systems.”
ACSC chief Rachel Noble reckons up to 50,000 devices of Australian entities could be affected, with the protectorate having already “notified governments and critical infrastructure operators across Australia.”
“Any organisation or business that relies on the older Microsoft systems is at risk,” Ms Noble said.
“The compromise of an unpatched system could increase the chance that your network could be exploited.”
Noble stressed that the inconvenience of rolling the already available patch was easily outweighed by the potential consequences.
“Patching may require you to restart your computers but this is a small price to pay when the risk of a compromise occurring could harm your business and its customers,” Noble said, pointing to the patch which has been available for weeks.
“It is critical that organisations and individuals operating older versions of Windows systems,” ASD said, “immediately install Windows’ BlueKeep vulnerability patch - CVE-2019-0708, available at https://www.microsoft.com/security/blog/2019/08/08/protect-against-bluekeep/.”