The Anatomy of RDP Exploits: Lessons Learned from BlueKeep and DejaBlue

A critical vulnerability called “BlueKeep” put Remote Desktop Protocol (RDP) security on everyone’s radar earlier this year. Just a few months later, Microsoft announced a related vulnerability, DejaBlue. RDP exploits are no joke: Rapid7’s Project Sonar estimates that around 900,000 workstations and servers running RDP around the world are vulnerable. And, since Nov. 1, Rapid7’s Project Heisenberg honeypots have observed 12,949 unique IPv4 source addresses, with endpoints in the Netherlands, Italy, and France accounting for nearly 70% of the unique sources.



Recently, I joined Randy Franklin Smith from Ultimate IT Security to talk about BlueKeep, DejaBlue, and the potential for further RDP exploits. In the webcast, we discussed the lessons you can learn from these exploits, how to protect your organization, and how Rapid7 InsightVM can help in the fight against BlueKeep and similar vulnerabilities.




How BlueKeep works


According to Randy, the attack on RDP was long overdue. RDP is a complex, functionally rich protocol, which means it has a large attack surface. It was only a matter of time before hackers turned their attention to the protocol’s weaknesses. We know about BlueKeep, which affects Windows 2008 R2 and earlier, and DejaBlue, which affects newer systems, but there will probably be more to come.


BlueKeep seeks to run malicious code in the kernel memory of the server, allowing the hacker to ...
