What you need to do
It is important that organisations and individuals operating older versions of Windows systems install Windows’ BlueKeep vulnerability patch - CVE-2019-0708, available at https://www.microsoft.com/security/blog/2019/08/08/protect-against-bluekeep/
Affected versions of Windows operating systems include;
- Windows 7
- Windows Vista
- Windows XP
- Server 2003 and
- Server 2008 operating systems.
Windows users should deny access to Remote Desktop Protocols (RDP) directly from the internet, or utilise a Virtual Private Network (VPN) with multifactor authentication if Remote Desktop Protocols are required, regardless of the version of Windows you are running.
As a rule, it’s important to always install manufacturers’ updates as soon as possible.
For the ACSC Advisory, including detailed mitigation advice visit here.
Further information about CVE-2019-0708 (BlueKeep) is available on Microsoft’s website.
More information on protecting Australian Business Remote Desktop Protocol (RDP) services is available here.
To report a cybercrime, visit cyber.gov.au/report.