Obsolete Connected Medical Devices vulnerable to BlueKeep
By Aneesh A S
Although Microsoft issued patches for the BlueKeep vulnerability almost a year ago, researchers from CyberMDX recently found that more than 55 percent of medical imaging devices, including MRI, X-ray and ultrasound machines, still run outdated Windows versions that are vulnerable to the Remote Desktop Protocol (RDP) flaw.
BlueKeep is a critical vulnerability discovered in Microsoft’s Remote Desktop Protocol that allows remote code execution.
[ The RDP service allows multiple users to interact with Windows sessions remotely. It enables a connection between a client and a server. ]
On May 14th 2019 Microsoft released a patch for a critical vulnerability. The vulnerability, dubbed BlueKeep, affects the Remote Desktop Protocol service, which is widely used for remote administration. It is identified as CVE-2019-0708. Because of the criticality and severity of the flaw, Microsoft also released a patch for unsupported systems such as Windows XP and Windows Server 2003.
What makes the BlueKeep vulnerability so critical?
- It affects RDP services used by millions of machines worldwide, many of them in critical industries such as healthcare and industrial controls.
- It allows remote code execution.
- It can be weaponized to be wormable.
[ Wormable means code exploiting this vulnerability can self-propagate and spread rapidly. ]
How medical devices are affected by BlueKeep:
During the months following the discovery of BlueKeep, the researchers noticed an increase in scans for vulnerable systems, followed by active attacks exploiting the flaw.
Even though it has been a year since the patch was released, researchers have discovered that a distressing number of connected medical devices are still vulnerable to BlueKeep. The wormable nature of BlueKeep is especially concerning for medical devices because many hospitals were affected in a similar way during the 2017 WannaCry attack, which disrupted numerous critical hospital services.
Besides BlueKeep, outdated Windows versions also expose medical devices to a variety of other critical vulnerabilities, such as DejaBlue.
Challenges in patching BlueKeep
Patch management is one reason hospitals have not yet updated their medical devices. Researchers have said that most hospitals probably would not have patched more than 40 percent of their vulnerable devices even four months after a major vulnerability was disclosed.
Patching is a challenge for these hospitals because in most cases the devices have to keep running for patients and cannot be taken offline in order to apply an update. Another concern is that hospital networks are so large that the IT department can lose track of assets, which can lead to some devices missing out on patches.
The main problem for hospitals is that many of these devices run Windows 7, which is vulnerable to BlueKeep and is no longer supported by Microsoft. Any further vulnerabilities uncovered in Windows 7 are therefore not guaranteed security patches.
Possible Safeguard Measures for BlueKeep:
- Patch as soon as possible with the latest Microsoft update.
- Disable RDP on non-sensitive systems.
- Monitor incoming RDP connections.
If it is essential to keep medical devices running on older systems on the hospital network, researchers propose that the devices be isolated from the rest of the network, i.e. closed off from the external internet when possible.
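As an added example (not from CyberMDX or the original article), the Python below shows one way to act on "Monitor incoming RDP connections" for an isolated device segment: it reviews flow records for RDP (TCP 3389) reaching imaging devices from anything other than an approved admin host, and flags sources that touch several devices, the pattern that scanning or worm-like spread produces. The log format, addresses, subnet and fan-out threshold are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

RDP_PORT = 3389  # default TCP port of the RDP service

# Constructed sample flow records: time, source, destination, dest port, action.
SAMPLE_FLOWS = """\
2020-02-20T08:01:12 10.20.0.5 10.50.1.11 3389 ALLOW
2020-02-20T08:03:40 10.30.7.44 10.50.1.11 3389 ALLOW
2020-02-20T08:03:41 10.30.7.44 10.50.1.12 3389 DENY
2020-02-20T08:03:42 10.30.7.44 10.50.1.13 3389 DENY
2020-02-20T08:05:00 10.30.7.90 10.50.1.12 104 ALLOW
2020-02-20T08:06:10 203.0.113.9 10.50.1.13 3389 DENY
"""

def parse_flows(text):
    """Yield (time, src, dst, port, action) tuples, skipping malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5 or not parts[3].isdigit():
            continue
        try:
            src, dst = ipaddress.ip_address(parts[1]), ipaddress.ip_address(parts[2])
        except ValueError:
            continue
        yield parts[0], src, dst, int(parts[3]), parts[4]

def review_rdp(text, device_net, admin_hosts, fanout_threshold=3):
    """Return (unexpected, scanners) for RDP traffic into the device segment."""
    segment = ipaddress.ip_network(device_net)
    allowed = {ipaddress.ip_address(h) for h in admin_hosts}
    unexpected, targets = [], defaultdict(set)
    for when, src, dst, port, action in parse_flows(text):
        if port != RDP_PORT or dst not in segment:
            continue
        targets[src].add(dst)  # distinct devices each source reached out to
        if src not in allowed:
            unexpected.append((when, str(src), str(dst), action))
    # A non-admin source touching many devices suggests scanning or propagation.
    scanners = sorted(str(s) for s, hosts in targets.items()
                      if s not in allowed and len(hosts) >= fanout_threshold)
    return unexpected, scanners

if __name__ == "__main__":
    hits, scanners = review_rdp(SAMPLE_FLOWS, "10.50.1.0/24", ["10.20.0.5"])
    for hit in hits:
        print("unexpected RDP:", *hit)
    print("fan-out sources:", scanners)
```

An ALLOW record among the unexpected hits means the segment is not actually isolated for RDP and the firewall rule needs review, while DENY records still show who is probing.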
Patching these systems in a well-timed fashion goes a long way towards preventing cyber-attacks.