Site icon Sophos News

BlueKeep: firewall best practices

XG Firewall

CVE-2019-07-08, nicknamed BlueKeep, is a critical remote code execution vulnerability in Windows’ Remote Desktop Services. The bug is considered ‘wormable’ and so severe that Microsoft took the highly unusual step of including patches for the unsupported Windows XP and Windows Server 2003 in its May Patch Tuesday output, alongside patches for the affected operating systems it does support.

If this flaw is successfully exploited it could be used to create self-replicating malware like Slammer, WannaCry or NotPetya – a trio of network worms that used exploits to invade networks and spread globally in a matter of hours.

Patches that could have stopped those worms from spreading were available months before the outbreaks occurred. The race is now on to make sure history doesn’t repeat itself with CVE-2019-07-08.

So far the signs aren’t good. Two weeks after Microsoft’s patches dropped a scan revealed that a million unpatched devices were accessible over the internet, with likely millions more hidden from view, inside corporate networks.

Yesterday, the NSA (the U.S.A.’s National Security Agency) was moved to issue its own advisory, urging organizations to get on with the business of patching.

It is likely only a matter of time before remote exploitation code is widely available for this vulnerability. NSA is concerned that malicious cyber actors will use the vulnerability in ransomware and exploit kits containing other known exploits, increasing capabilities against other unpatched systems.

Patching doesn’t get much more urgent than this but, as previous outbreaks have shown, it takes time.

An exploit could appear at any time so you need a way to protect yourself now, until the patching is done. As both Microsoft and the NSA say in their advisories, your Firewall can be your line in the sand.

Protect your organization against BlueKeep

All firewalls can pull up the drawbridge by blocking access to port 3389, which disables external RDP access for all machines, including the ones that nobody told your IT team about.

Besides blocking and unblocking vulnerable ports, Sophos XG Firewall provides other more nuanced and sophisticated layers of security. Its built in Intrusion Prevention System (IPS) looks at network traffic for exploits and stops them from passing through your network perimeter, or traversing the segments of your internal network.

At the same time that Microsoft announced the CVE-2019-07-08 vulnerability, SophosLabs issued an IPS update for all Sophos customers to ensure their XG Firewall-protected networks could stop these kinds of attacks dead in their tracks.

While we have a full guide on how to protect your network, here are the essential firewall best practices to stop vulnerabilities like BlueKeep from exposing your network:

XG Firewall and Synchronized Security are your best protection against the latest threats with industry leading protection and performance. Download our Firewall Best Practices to Block Ransomware guide to learn more.

Exit mobile version