Update Windows immediately to guard against BlueKeep

‘BlueKeep’ (CVE-2019-0708) is a vulnerability in Remote Desktop Services (RDS) which, although first reported in May 2019, has recently seen a resurgence. The systems at risk include Windows 7, Windows Vista, Windows Server 2008 R2, Windows Server 2008, Windows 2003 and Windows XP.

It is estimated that 500,000 systems could still be exposed to BlueKeep, despite Microsoft releasing patches against it shortly after the May discovery.

Duncan Sutcliffe, director, Sutcliffe & Co, commented: “Being cyber secure is essential and running system updates should be a regular practice. If your business’ computers are running an operating system that could be affected by this vulnerability, then a simple update is all it will take to fix.”

What is the threat?

BlueKeep is ‘wormable’, which means it can be used to spread malware from one vulnerable system to another without needing authentication or user interaction. A comparable example is the WannaCry malware, which spread across the globe in 2017, infecting over 200,000 computers in a couple of days.

What should I do?

Microsoft has released an update which fixes the vulnerability and strongly advises that all affected systems should be updated as soon as possible.

Links to critical patches are found on the Security Guidance Advisory page on Microsoft’s website: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708

Duncan concluded: “It is incredibly important to keep on top of regular patching and updates as a matter of course. We also recommend businesses should strive for Cyber Essentials certification, which helps ensure the right systems, procedures and protocols are in place to help guard against cyber threats.”

If you have any questions about this vulnerability or how to apply the update, please contact your IT service provider as soon as possible.

Duncan Sutcliffe
Director, Sutcliffe & Co Insurance Brokers, Worcester, Worcestershire