News, tips, advice, support for Windows, Office, PCs & more. Tech help. No bull. We're community supported by donations from our Plus Members, and proud of it
Home icon Home icon Home icon Email icon RSS icon
  • Update: The “wormable” Win XP/Win7 RDP security hole, BlueKeep, still hasn’t been cracked

    Posted on May 29th, 2019 at 14:32 woody Comment on the AskWoody Lounge

    Forgive me for joining the Chicken Little crowd a couple of weeks ago and recommending that all of you folks running

    • Windows XP (including Embedded)
    • Windows Server 2003, Server 2003 Datacenter Edition
    • Windows 7
    • Windows Server 2008, Server 2008 R2

    install the latest patches for the “wormable” RDP security hole. (Kevin Beaumont has taken to calling the security hole “BlueKeep” and it seems the name has caught on.)

    Fortunately, I’m not aware of any problems arising from installing the patches. Unfortunately (???), the pressing need just wasn’t there.

    Why? Ends up that turning BlueKeep into a real exploit is a very difficult job. According to Beaumont:

    I’ve asked every expert I can find about an obvious solution — isn’t it sufficient to simply turn off the Remote Desktop Protocol in the user interface? (In Win7, Start > Control Panel > System and Security > System > Remote Settings, in the System Properties dialog box, click Don’t Allow Connections to This Computer.) That, and/or blocking port 3389 (the port RDP uses by default) should be enough to keep any RDP-related malware at bay. At least, it appears that way to me.

    But I haven’t received a positive response from any of those experts. The ones who know ain’t sayin’. And the ones who probably do know aren’t willing to stick their necks out. It’s hard to fault them: Microsoft hasn’t provided any guidance on the matter, one way or another, so if blocking RDP ends up being insufficient — no matter how logical — there’s a lot of exposure to the person making the recommendation.

    I’ll keep you posted as I hear more, but it looks like the Sky Ain’t Fallin’.