At Go Security Pro, we are offering a courtesy BlueKeep scan to check if your network is exposing RDP services that could be exploited.
The BlueKeep vulnerability (CVE-2019-0708) is a remotely exploitable flaw in the Remote Desktop Protocol (RDP) Services on older versions of Windows.
In our Apply the BlueKeep Patch Now blog post, I detailed the systems it affects, which Microsoft patches to apply, why it is so critical, and other mitigating recommendations.
Today, seven weeks after our BlueKeep blog post and over two months since Microsoft issued the patch, a weaponized BlueKeep exploit is now baked into a commercially sold penetration testing toolkit.
On the Common Vulnerability Scoring System (CVSS) scale, BlueKeep is a 10.0, which is the highest possible score. A remote attacker with no privileges can gain complete control of a vulnerable system. All that is needed is network connectivity to a vulnerable RDP service.
If you have a vulnerable RDP service exposed to the Internet, it is only a matter of time before the system is compromised.
To claim your courtesy scan, please send an email to email@example.com and provide a listing of your public IP addresses you want us to scan. It can be a set of IP address ranges, CIDR blocks, or just a single IP address.
Even if you are fairly certain you are not impacted, take us up on the offer to verify.
Now is the time to take action.
To your security,
Geoff Wilson is CEO and Security Pro Coach at Go Security Pro. Geoff helps companies with complex cybersecurity obligations create momentum around a simple, prioritized plan that supports the business goals. Geoff has a Master of Information Security from Carnegie Mellon University and a Computer Science degree from the University of Oklahoma. He taught a graduate-level Information Security course at the University of Oklahoma for four years. Geoff is a published author, has worked with the National Security Agency, has consulted with the Executive Office of the President, and has been in Information Security for 17 years.