11 November 2019

What’s happened?
The Australian Cyber Security Centre has received reports that hackers are using a security vulnerability called BlueKeep to install malicious software on devices using older versions of Windows.

This follows on from the Stay Smart Online Alerts issued in August and May, urging users of pre Windows 10 operating software to update their software immediately to protect against this vulnerability.

Hackers can use the BlueKeep vulnerability as the access point into computers and devices that don’t have the latest software updates.

Once they have gained access through the BlueKeep vulnerability, cybercriminals can install malicious software that mines virtual currency, otherwise known as cryptomining, install ransomware that locks up your data or steal your personal or financial information.

Does it affect me?
Any organisation or business that uses older versions of Microsoft software is at risk. Microsoft has provided free patches for vulnerable software versions including Windows 7, Windows Server 2008 R2, and Windows Server 2008 and out-of-support systems including Windows 2003 and Window XP.

How do I stay safe?
  • If you run Windows software that is older than Windows 10, take a minute to download the free updates to fix the vulnerability (“patches”) available from Microsoft. A few minutes spent patching now could save you or your business weeks or months repairing the damage caused by a cybercriminal.
  • If you’re a business and you use Remote Desktop Protocol (RDP) such as for remote administration, it is essential that you apply the relevant patches and implement the other mitigation advice provided by the ACSC: Bluekeep Advisory – CVE-2019-0708.
  • In particular, Windows users shouldn’t access RDP directly from the internet. Use a Virtual Private Network with two factor authentication if RDP is required, whichever version of Windows you are running.

More information
As a rule, it’s important to always install manufacturers’ software updates as soon as possible.

Automatic updates are turned on by default in Windows 10, and you can switch automatic updates on for Windows 7 and 8.1. Refer to Windows Update for information on how to do this.

The information provided here is of a general nature. Everyone’s circumstances are different. If you require specific advice you should contact your local technical support provider.
Thank you to those subscribers who have provided feedback to our Alerts and Newsletters. We are very interested in your feedback and where possible take on board your suggestions or requests.

This information has been prepared by the ACSC. It was accurate and up to date at the time of publishing.
This information is general information only and is intended for use by private individuals and small to medium sized businesses. If you are concerned about a specific cyber security issue you should seek professional advice.
The Commonwealth and all other persons associated with this advisory accept no liability for any damage, loss or expense incurred as a result of the provision of this information, whether by way of negligence or otherwise.
Nothing in this information (including the listing of a person or organisation or links to other web sites) should be taken as an endorsement of a particular product or service.
Please note that third party views or recommendations included in this information do not reflect the views of the Commonwealth, or indicate its commitment to a particular course of action. The Commonwealth also cannot verify the accuracy of any third party material included in this information.