BlueKeep update: Criminals are exploiting Microsoft vulnerabilities
Hiscox emailed customers in May about the BlueKeep vulnerability when it was first discovered. We’ve now seen evidence that this vulnerability affecting Windows machines has been exploited by criminals.
How serious is this?
We employ experts in cyber to try and identify credible threats to our customers. BlueKeep is certainly one of them. Criminals could harm your business through this vulnerability in any number of ways, from accessing and stealing your data, to downloading malware that deletes your files and stops your business from operating.
It’s impossible to say if your business will definitely be impacted, but the risk has increased materially for those businesses who haven’t patched against this vulnerability.
But I’m a small business – won’t criminals target big, well known brands instead?
Criminals are opportunistic. To use an analogy, thieves would rather steal from the house with an open window than the one with a guard dog and an alarm system, even if they may have more to steal.
If your business is connected to the internet and you haven’t patched against this threat, you’re a potential target.
So what does that mean for you?
If you run Windows 7, Windows Server 2008 R2 or, Windows Server 2008, it is critical that you patch now. Beyond patching, the Windows 7 End of Life is January 14, 2020. This means Windows 7 will no longer be supported by Microsoft. You’ve likely already started the process of moving off of Windows 7; however, if not, you should consider purchasing ‘Extended Security Updates’ from Microsoft.
What does patching mean, and how do I patch?
When you log off at the end of the day, do you sometimes get asked to install updates? Or if your systems are managed by your IT team, they probably will install updates periodically. Often those updates fix vulnerabilities that make your computer safer. That’s known as patching.
Instead of waiting for one of those updates, it’s important you act now. Click here (external link) to learn more and patch your systems against the BlueKeep vulnerability.
We strongly recommend that customers ensure that they follow Microsoft’s advice and that if they are still running any of the affected operating systems, that they have installed the patch across their entire technology estate.