The Windows update you really do need to install today

There’s a security bug in Windows that’s so serious Microsoft has released fixes for versions of Windows they don’t officially support anymore.

Here are links to the necessary critical updates, or a workaround if updating isn’t possible.

About Bluekeep

The Bluekeep security hole is being used by criminals to attack computers to install ransomware or steal data. It takes advantage of a bug in the Remote Desktop Protocol (RDP) that’s part of Windows.

Once a computer is infected, the attack can spread to other computers on the network. That’s what makes Bluekeep so dangerous and why it’s being compared with the Wannacry bug which caused so much trouble a few years ago.

Government agencies like the US National Security Agency and Department of Homeland Security, the National Cyber Security Centre in the UK and the Australian Cyber Security Centre have all warned about this vulnerability and urged people to update their systems.

Computers are vulnerable even if you don’t use Remote Desktop Protocol.  RDP is on by default and most people/admins don’t turn the service off.

Bluekeep is such a worry that Microsoft has released patches for older versions of Windows they don’t officially support anymore.  The risk is also the reason why we’re straying beyond our usual Microsoft Office territory to make sure our readers know what to do.

In typical Microsoft fashion, they’ve not made the patches very clear to the public.  Their page with the Bluekeep-related patches makes NO mention of the term ‘Bluekeep’, which is what most people are looking for.  There’s no reference to the affected Remote Desktop Protocol either.  CVE-2019-0708 is the code reference for what’s commonly called ‘Bluekeep’.

Microsoft’s Bluekeep patch page, not that you’d know it!

Windows 10

Already protected.  No action necessary.

Windows 8

Already protected.  No action necessary.

Windows 7 SP1

The best option is to run Windows Update to ensure all security patches to date are installed.

32-bit: Security update only

64-bit: Security update only

Those links come from Microsoft, though the KB articles for those patches make no mention of Bluekeep, CVE-2019-0708 or even the Remote Desktop Protocol!  That might seem strange but it’s typical of Microsoft’s poor public documentation of security updates.

Windows Vista SP2

Update

Windows Vista x64 Edition SP2

Update

Windows XP SP3 x86

Update

Windows XP Professional x64 Edition SP2

Update

Windows XP Embedded SP3 x86

Update

Windows 2000

According to some reports, Windows 2000 is also vulnerable to Bluekeep attacks.

There’s no patch for Windows 2000 but there’s a workaround …

Bluekeep protection without the patch

If you can’t patch any affected versions of Windows, use these workarounds instead.

The workaround is to block access to incoming Remote Desktop connections:

  • Disable the Remote Desktop service
    and/or
  • Block incoming connections on port 3389 (the RDP port) using a firewall program.
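
One way to apply both workarounds from an elevated Command Prompt, as an added example that is not from the original article or from Microsoft. It assumes Windows XP SP3 / Server 2003 or later with the built-in Windows firewall in use; the firewall rule name is a label made up for this example.

```bat
@echo off
rem Added example, not from the original article. Run from an elevated Command Prompt.
rem Assumes Windows XP SP3 / Server 2003 or later (reg.exe and netsh.exe present).

rem 1. Turn off incoming Remote Desktop connections (1 = deny, 0 = allow).
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 1 /f

rem 2. Block inbound TCP 3389 in the built-in Windows firewall.
rem    XP and Server 2003 report "Version 5.x" and use the older "netsh firewall" syntax;
rem    Vista, 7 and Server 2008 use "netsh advfirewall".
ver | findstr /r /c:"Version 5\." >nul
if errorlevel 1 goto newer

rem XP / Server 2003: close the Remote Desktop exception. The firewall itself must be on.
netsh firewall set service type=REMOTEDESKTOP mode=DISABLE
goto verify

:newer
rem The rule name is an arbitrary label chosen for this example.
netsh advfirewall firewall add rule name="Block inbound RDP TCP 3389" dir=in action=block protocol=TCP localport=3389

:verify
rem 3. Check the result: fDenyTSConnections should read 0x1.
reg query "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections
rem List anything still listening on TCP 3389.
netstat -an | findstr /c:":3389 " | findstr /i "LISTENING"
```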

Microsoft downloads only

All the above links go to Microsoft, which is the only place to download updates for Windows or Office.  The publicity about Bluekeep is sure to bring out opportunists offering ‘fixes’ for a fee or updates which include unwanted ‘extras’.  Ignore them.

Virtual Machines

Don’t forget to update any virtual machines.  VMs often run older Windows for testing or compatibility.  Guest machines are easy to overlook when updating.

Windows Server updates for Bluekeep

Windows Server 2008

See https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708

Windows Server 2003 SP2 x86

Security Update

Windows Server 2003 x64 Edition SP2

Security Update

Windows Server 2003 R2 SP2

Security Update

Windows Server 2003 R2 x64 Edition SP2

Security Update