At Go Security Pro, we are offering a courtesy BlueKeep scan to check if your network is exposing RDP services that could be exploited.
The BlueKeep vulnerability (CVE-2019-0708) is a remotely exploitable flaw in the Remote Desktop Protocol (RDP) Services on older versions of Windows.
In our "Apply the BlueKeep Patch Now" blog post, I detailed the systems it affects, which Microsoft patches to apply, why it is so critical, and other mitigating recommendations.
Today, seven weeks after our BlueKeep blog post and over two months since Microsoft issued the patch, a weaponized BlueKeep exploit is now baked into a commercially sold penetration testing toolkit.
On the Common Vulnerability Scoring System (CVSS) scale, BlueKeep is a 10.0, which is the highest possible score. A remote attacker with no privileges can gain complete control of a vulnerable system. All that is needed is network connectivity to a vulnerable RDP service.
If you have a vulnerable RDP service exposed to the Internet, it is only a matter of time before the system is compromised.
To claim your courtesy scan, please send an email to firstname.lastname@example.org with a list of the public IP addresses you want us to scan. It can be a set of IP address ranges, CIDR blocks, or just a single IP address.
Even if you are fairly certain you are not impacted, take us up on the offer to verify.
Now is the time to take action.
To your security,
Geoff Wilson is an innovative cybersecurity thought leader with deep experience in defensive cybersecurity strategies. Having studied at Carnegie Mellon University and trained at the National Security Agency, Geoff brings 17 years of cybersecurity experience to your organization.
In his many cybersecurity roles, Geoff has been an IT Auditor, Penetration Tester, Risk Assessor, Forensic Analyst, SOC Engineer, Information Security Officer, Software Developer, Author, University Professor, and Consultant.
Geoff is a business leader, having founded Go Security Pro in early 2019 with his co-founder Susan Wilson. Geoff regularly speaks at conferences, presents to executive leadership and boards, and can get in the technical weeds with IT professionals.
Geoff treats every engagement as a knowledge transfer opportunity and every client with the utmost care. He is ready to assist you with your cybersecurity challenges.