Security Advisory: Increased BlueKeep Activity


Within Australia there has been a significant spike in activity targeting the Microsoft Remote Desktop Protocol vulnerability known as BlueKeep. Only older operating systems such as Windows 2000 through to Windows 7 and Server 2008 are vulnerable to BlueKeep, and Microsoft quickly released an out-of-band update for those older operating systems to patch this vulnerability.

If you have an active CNET Plus or Premium agreement, rest assured that Intuit Technologies ensures your managed devices are kept up-to-date with patches to protect against these new and emerging threats.

For those who do not have an active CNET Plus or Premium agreement, please take action to protect yourself by keeping your operating systems up-to-date and limiting Remote Desktop Protocol access from outside of your private network. Further details can be found online, but please do not hesitate to contact Intuit Technologies for help.

The real threat of BlueKeep is its malicious payload, which is often a form of ransomware. As you may know from previous advisories or other sources, ransomware is a type of malware that encrypts files on infected systems, usually delivered via spam email containing an attachment embedded with malicious code, or a hyperlink to a malicious website. Unfortunately, as anti-spam and antivirus systems evolve to provide protection for one type of ransomware, a new one emerges to pose a threat.

What do I need to look for?

If you are receiving unexpected emails containing hyperlinks or attachments, please do not click on them unless you are certain they are from a safe source. For example, if the sending email address does not represent the purported vendor, do not click on it.

Misspelling is common in this sort of attack as well. Current fake senders focus on invoices, online banking or online account information, courier deliveries (Australia Post) and infringement/fine notifications.

Your diligence is an important part of protecting against this type of attack. Remember to be alert, not alarmed!

What do I do if I think I’ve clicked on the wrong button?

If you think you have initiated a ransomware or other virus-related attack, immediately shut down your PC/laptop and call the Service Desk. This may help prevent the virus from spreading to network drives, limiting it to just one PC.

If you are ever unsure about an email and would like some comfort, the best course of action is to call the Service Desk for advice rather than forwarding the email. Remember, if it is not expected it should be treated with caution.

Is there anything else I or my organisation can do to prevent these?

There is always more that can be done, but this needs to be balanced against your business needs and, of course, any budget restrictions that exist. If you want to know more about your levels of protection and how these can be enhanced, please contact your Account Manager directly or via email to