New security vulnerability, BlueKeep, found for Windows XP, Vista & 7, patch fix available for download


A new security vulnerability has been discovered that affects Windows XP, Windows Vista and Windows 7. The vulnerability, called BlueKeep, is a bug in Microsoft’s implementation of the Remote Desktop Protocol (RDP), and more than 800,000 computers exposed to the Internet were vulnerable to it.

Now the good news is that Microsoft has already released patch fixes for all Windows versions that were affected by BlueKeep. These fixes came out in May, though I’m pretty sure that they have passed under everyone’s radar.

But anyway, patches for the vulnerable versions that are still under support – aka Windows 7 – can be downloaded from here. Updates for Windows XP, Vista, and Server 2003 can be found here.

Microsoft has also shared more details about BlueKeep:

“A remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests. This vulnerability is pre-authentication and requires no user interaction. An attacker who successfully exploited this vulnerability could execute arbitrary code on the target system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.”

Kudos to our reader Metal Messiah for bringing this to our attention.

Thanks ArsTechnica