
Protect yourself against CVE-2019-0708 aka BlueKeep using Azure Sentinel and Microsoft Defender ATP

On May 14th 2019, Microsoft’s Security Response Center published guidance on a vulnerability in Remote Desktop Services (formerly known as Terminal Services) that allows a remote, unauthenticated attacker to execute code on the target system. Windows 7, Windows Server 2008 and Windows Server 2008 R2 are affected.

Microsoft issued a fix and advised patching immediately, because the vulnerability is ‘wormable’ and could lead to an outbreak like WannaCry and similar worms. Underlining the importance of the CVE, Microsoft also backported the fix to the out-of-support Windows XP and Windows Server 2003. The infosec community nicknamed the vulnerability BlueKeep.


The technical details cover how to defend against BlueKeep, which workarounds and mitigations are available, and how to configure detections in Azure Sentinel.

How can I protect myself from these types of attacks?

BlueKeep is a real threat. It has the potential to become the next big worm and impact hundreds of thousands of systems. Applying the patch is the first step; implementing cloud security tooling such as Azure Sentinel and Microsoft Defender ATP is key to both protecting yourself from these types of attacks and detecting them.

Wortell can help design and implement Azure Sentinel and other (cloud) security measures, and also provides them as a service through our Security Operations Center (SOC). Contact us for more information.

— Maarten Goet, MVP & RD