BlueKeep & GoldBrute Threats to RDP servers…
In recent news, two threats have emerged that attack RDP servers. In lay terms, this is the technology that lets you remote into your server, a workstation or other Windows computer usually from home, a remote office or elsewhere and control it as if you were sitting in front of the machine. Terminal Services, RDS, etc. are examples.

BLUEKEEP
The threat is that a recently discovered exploit called BlueKeep can apparently gain access through RDP at the administrative level which may then allow the hacker to access any computer on your network and then drop any infection, malware, ransomware or other nasty wherever he/she pleases. Patches for Windows 7 and Windows Server 2012 and newer operating system versions have already been released as part of Microsoft’s routine patch releases. So as long as those are being regularly patched and current, they should be protected, but it’s worth making sure yours are.

The bigger risk might be to older Windows XP and Windows 2003, 2008 and 2008 R2 servers which are no longer included in Microsoft’s automatic patching process. However, Microsoft apparently believed that the threat was serious enough that it released special patches for those older systems that can be manually downloaded and applied.

We urge all clients and readers of this email to not ignore this matter and help protect your network and the network of others first by making sure that patching is completed ASAP on all computers on your network. In addition, there are other best practice infrastructure changes that can be made to reduce this type of risk such as deploying RDP gateways, etc. If you need assistance, Exelos is available to provide help, but regardless of who you have do it or how you get it done, please do not put it off.

Here are some links to articles on the topic if you wish to read more…

https://www.us-cert.gov/ncas/current-activity/2019/06/04/NSA-Releases-Advisory-BlueKeep-Vulnerability

https://www.bleepingcomputer.com/news/security/microsoft-warns-users-again-to-patch-wormable-bluekeep-flaw/

GOLDBRUTE
Seemingly coincidental to the BlueKeep threat which worms its way into RDP sessions, GoldBrute hit the wild at nearly the same time and uses good ole brute force password guessing to gain access to RDP accounts. This attack is peaking NOW so please don’t ignore it. You can read more below…

Again, there are advanced approaches to thwart this type of threat that best practices suggest, but a good start is to make sure you are using complex passwords and only necessary accounts have RDP privileges. If you’re unsure, Exelos can help.
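As a starting point for the check suggested above, here is an added example (not Exelos tooling) that reports, for one Windows machine, whether RDP is switched on, whether Network Level Authentication is required, and which accounts can log on over RDP. It assumes Windows PowerShell 5.1 or later with the built-in LocalAccounts module, run locally from an elevated prompt; it only reads settings and changes nothing.

```powershell
# Added example: read-only audit of RDP exposure on the local machine.
$ts = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'

# fDenyTSConnections = 0 means the machine accepts Remote Desktop connections.
$rdpEnabled = (Get-ItemProperty -Path $ts -Name fDenyTSConnections).fDenyTSConnections -eq 0

# UserAuthentication = 1 means Network Level Authentication is required,
# so a client has to authenticate before a desktop session is created.
$nla = (Get-ItemProperty -Path "$ts\WinStations\RDP-Tcp" -Name UserAuthentication).UserAuthentication -eq 1

# On a workstation or member server, members of these two built-in groups may
# log on over RDP by default. Well-known SIDs are used instead of group names
# so the script also works on non-English Windows.
$groups = [ordered]@{
    'S-1-5-32-544' = 'Administrators'
    'S-1-5-32-555' = 'Remote Desktop Users'
}
$rdpAccounts = @(foreach ($sid in $groups.Keys) {
    Get-LocalGroupMember -SID $sid -ErrorAction SilentlyContinue |
        Select-Object @{ n = 'Group'; e = { $groups[$sid] } }, Name, ObjectClass, PrincipalSource
})

# Enabled local accounts that are allowed to have no password at all.
$noPasswordNeeded = @(Get-LocalUser | Where-Object { $_.Enabled -and -not $_.PasswordRequired })

[pscustomobject]@{
    Computer            = $env:COMPUTERNAME
    RdpEnabled          = $rdpEnabled
    NlaRequired         = $nla
    RdpCapableEntries   = $rdpAccounts.Count
    EnabledNoPwdAccount = ($noPasswordNeeded.Name -join ', ')
} | Format-List

# Review this list: every entry that does not need remote access is one more
# account a password-guessing attack can target.
$rdpAccounts | Sort-Object Group, Name | Format-Table -AutoSize

if ($rdpEnabled -and -not $nla) {
    Write-Warning 'RDP is enabled without Network Level Authentication.'
}
```

Domain groups that appear in the output need their own membership reviewed in Active Directory, since the script lists the group but not the people inside it.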

SUMMARY
This email is sent as a courtesy to all who subscribe to our newsletter. We are not in the business of using events like this to create fear as a means of gaining business. We sincerely felt we had a responsibility to share this information with as many people as possible and encourage you to forward this email to others. If your system becomes infected, it can be added to botnets used to attack others. It’s just common courtesy to make sure your network is secure.

Sincerely,
Edgar ‘Tack’ Hammer, President Exelos
