Computer security information
The Australian Cyber Security Centre is aware of widespread abuse of a security vulnerability (called BlueKeep) that affects older versions of Windows operating systems including Windows Vista, Windows 7, Windows XP, Server 2003 and Server 2008.
Hackers can use the BlueKeep vulnerability to access computers and devices that don’t have the latest software updates.
Once a device is infected, BlueKeep can spread malware to other computers or devices on the same network – including devices which have access to a remote desktop environment if you have a business that uses this.
Does it affect me?
Any organisation or business that relies on the older Microsoft systems is at risk.
How do I stay safe?
• Organisations and individuals using older versions of Windows systems should immediately install the Windows’ BlueKeep vulnerability software update at https://www.microsoft.com/security/blog/2019/08/08/protect-against-bluekeep/
• If you’re a business and you use remote desktop, it’s very important to apply all the updates.
• Windows users shouldn’t access Remote Desktop Protocols (RDP) directly from the internet. Use a Virtual Private Network with two factor authentication if RDPs are required, whichever version of Windows you are running.
As a rule, it’s important to always install manufacturers’ software updates as soon as possible.
On 17 May 2019 Stay Smart Online issued an Alert on how to protect older versions of Windows from security flaws such as this one.
The information provided here is of a general nature. Everyone's circumstances are different. If you require specific advice you should contact your local technical support provider.
Thank you to those subscribers who have provided feedback to our Alerts and Newsletters. We are very interested in your feedback and where possible take on board your suggestions or requests.
You may have noticed we've updated our branding, to incorporate the Australian Cyber Security Centre ('the ACSC') logo, and complement the ACSC colours. This is to better reflect that Stay Smart Online is a part of the ACSC.
This information has been prepared by the ACSC. It was accurate and up to date at the time of publishing.
This information is general information only and is intended for use by private individuals and small to medium sized businesses. If you are concerned about a specific cyber security issue you should seek professional advice.
The Commonwealth and all other persons associated with this advisory accept no liability for any damage, loss or expense incurred as a result of the provision of this information, whether by way of negligence or otherwise.
Nothing in this information (including the listing of a person or organisation or links to other web sites) should be taken as an endorsement of a particular product or service.
Please note that third party views or recommendations included in this information do not reflect the views of the Commonwealth, or indicate its commitment to a particular course of action. The Commonwealth also cannot verify the accuracy of any third party material included in this information.
You are receiving this message at the address firstname.lastname@example.org.
If you no longer wish to receive this information, you can unsubscribe.
© 2019 Australian Government.
All rights reserved.