Microsoft Issues Critical BlueKeep Patch for Outdated OS
Microsoft has released crucial security patches for several outdated operating systems, including Windows 7, Server 2008 & R2, Windows XP, and Server 2003. These updates address a high-risk vulnerability, known as BlueKeep, which allows unauthenticated attackers or malware to execute malicious code on vulnerable systems.
The BlueKeep vulnerability, identified as CVE-2019-0708, affects Remote Desktop Services in the listed operating systems. It enables an attacker to remotely execute code without requiring any authentication. Microsoft addressed this issue in its May 2019 Patch Tuesday release.
RiskSense, a cybersecurity company, developed an unauthenticated test for BlueKeep in May 2019. To remediate the vulnerability, Qualys Patch Management can be used across all affected OS, including the long-unsupported Windows XP and Server 2003. Qualys has issued a special QID (91534) for Qualys Vulnerability Management, covering BlueKeep across all impacted systems. Additionally, a new unauthenticated check for BlueKeep vulnerability has been released under QID 91541.
Qualys also provides an AssetView Dashboard to track the vulnerability across different environments. While Network Level Authentication (NLA) partially mitigates the BlueKeep vulnerability, Microsoft's patches are the recommended solution to fully address the issue.
The BlueKeep vulnerability poses a significant threat to outdated operating systems. Microsoft's recent patches are crucial for protecting vulnerable systems. Users and administrators are advised to apply these updates promptly. For tracking and managing the vulnerability, Qualys offers effective tools and resources.
