The issue is a remote code execution flaw in Remote Desktop Services (RDS) that it can be exploited by an unauthenticated attacker by connecting to the targeted system via the RDP and sending specially crafted requests.
As explained by Microsoft, this vulnerability could be exploited by malware with wormable capabilities, it could be exploited without user interaction, making it possible for malware to spread in an uncontrolled way into the target networks.
The vulnerability doesn’t affect Windows 8 and Windows 10, anyway previous versions are exposed to the risk of cyber attacks.
Microsoft also advised Windows Server users to block TCP port 3389 and enable Network Level Authentication to prevent any unauthenticated attacker from exploiting this vulnerability.
Experts at 0patch, released a security patch to address the BlueKeep vulnerability, it is a tiny micro-patch composed of 22 instructions that can be deployed by administrators to protect always-on servers.
The main difference with the patch released by Microsoft is that the 0patch’s micropatch
However, unlike Microsoft’s security fix, 0patch’s micropatch does not require rebooting, the deployment of security updates on always-on servers sometimes is deployed because normally it is not possible to restart them without following specific procedures.
At the time the fix only works on systems running 32-bit Windows XP SP3, anyway, the expert plan to
0patch confirmed that the released code is a PRO-only micropatch, this means that only PRO users will automatically have it applied within 60 minutes or upon manual sync.
Several security experts have developed PoC exploits for
Don’t waste time, patch your system against the BlueKeep vulnerability asap, it is a matter of time that hacker will start to exploit the issue in attacks in the wild.