Critical vulnerability in RDP affects Windows operating systems

In recent days, a critical vulnerability has been detected in several versions of the Windows operating system.

Identified as CVE-2019-0708, and better known as BlueKeep, this vulnerability would allow remote code execution without the need to authenticate itself by exploiting a flaw in Remote Desktop Services (RDP).

The versions of Windows affected by this vulnerability are the following:

• Windows 7
• Windows Server 2008 R2
• Windows Server 2008
• Windows Xp
• Windows Server 2003

For its part, Microsoft released patches to correct this problem in its last update of May 2019. It is highly important to move forward with this update.

Additionally, we recommend validating that your Remote Desktop (RDP) services are not exposed to Internet. This is possible by blocking TCP port 3389 in perimeter network devices.