Jump to content

BlueKepp - apply windows patch is enough?


b1404

Recommended Posts

Hi, I recently read about the problem which is BlueKepp, the system itself has been updated (I have Win7) but in many places there is a advise: "Disable Remote Desktop Protocol" tip. In this tab I have checked "Do not Allow Connections to This Computer", should I also check "Allow remote assistance connections to this computer", or leave selected? Only Windows update is enough to protect me from BlueKeep? I attached screen of my settings.

xera_3.png.pagespeed.gp+jp+jw+pj+ws+js+rj+rp+rw+ri+cp+md.ic.5yC3O_haWO.png

Link to post
Share on other sites

Greetings,

The patch is sufficient to protect your system from Bluekeep, however if you don't use Remote Desktop then there's no reason to leave it enabled, and disabling it will protect your system from any future Remote Desktop vulnerabilities/attacks, not just Bluekeep so if you don't use it I'd recommend disabling it.  Uncheck the box next to Allow Remote Assistance connections to this computer and click Apply then OK.

Additionally, you can disable the following services that I've circled in red if you don't use any kind of remote access or file sharing on your network (in other words if your computer just connects to the internet and you don't use network shares or network attached storage):

disable.png.bf43ec72bcd666f7291843cd6edad400.png

To disable them, click START and type services.msc and press Enter then scroll down the list and for each of the services I've circled above, double-click on it and using the drop-down menu next to Startup type: select Disabled and click Apply then click on the Stop button if the service is running.  You can do the same for the Server service (it is used for file and printer sharing over your network so if you don't use those features you can safely disable it).

You can also open Windows Firewall with Advanced Security and locate all of the Inbound and Outbound rules for Remote Assistance and Routing and Remote Access and disable them by right-clicking on each one that has a green checkmark next to it and selecting Disable Rule.  You can do the same for all of the rules related to File and Printer Sharing if you don't share any files or printers over your network.

Additionally you can take it a step further by clicking START and typing network connections and pressing Enter then double-clicking on the network connection that you use for connecting to the internet and clicking the Properties button (it should be on the lower left of the properties dialog) and beneath where it says This connection uses the following items: uncheck every checkbox except Internet Protocol Version 4 (TCP/IPv4) and Internet Protocol Version 6 (TCP/IPv6) and this will disable all file and printer sharing, remote access and SMB (the protocol exploited by the EternalBlue exploit for the WannaCry ransomware attack) so that they cannot be used to attack your system.

All of these changes will greatly enhance the security of your system because if all of these protocols and functions are disabled, they cannot be used to infiltrate your system even if some new exploit is discovered that we don't know about yet that uses one of them to attack systems.

Link to post
Share on other sites

You're very welcome :)

It's not a bad idea to take measures like this.  So many of the default components of Windows go unused by the majority of people yet increase the area of attack for potential hacks and vulnerabilities, so taking preemptive steps like this are a good idea to help keep your devices secure.  I've been doing things like this on my own systems for years, and in all that time since I started taking measures like this I've never been infected even once, and of course I also use Malwarebytes as it's proven most effective at preventing threats from getting in.

You can also take a look at the advice posted here by AdvancedSetup.  It's good advice for further securing your system.  I also highly recommend the Malwarebytes browser extension beta, it's excellent at blocking malware, ads, trackers, scams and other unwanted junk online.  You can learn more and download it at the following links (the Chrome version works on all Chromium based browsers including SRWare Iron, Microsoft's new Chromium based Edge browser, Vivaldi and others):

Chrome
Firefox

Edited by exile360
Link to post
Share on other sites

RE:  https://support.microsoft.com/en-us/help/4284826/windows-7-update-kb4284826

Look on the left, " In this release "

June 11, 2019—KB4503292 (Monthly Rollup)

Applies to: Windows 7 Service Pack 1Windows Server 2008 R2 Service Pack 1

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.