BlueKeep Windows vulnerability is so serious, even the NSA wants you to patch your system
It's around three weeks since Microsoft first urged Windows users to patch their systems against the BlueKeep (CVE-2019-0708) vulnerability. Concerned that not enough people were taking notice, the company then issued a further warning stressing the importance of installing a patch.
Now the NSA has got involved, joining Microsoft in begging users to secure their Windows XP and Windows 7 computers. The agency says that it is "concerned that malicious cyber actors will use the vulnerability in ransomware and exploit kits containing other known exploits, increasing capabilities against other unpatched systems".
Both Microsoft and the NSA warn that the exploit is "wormable", and both are eager to avoid a repeat of the WannaCry worm that affected systems around the globe back in 2017. The NSA's warning urges people to "patch Remote Desktop Services on legacy versions of Windows" -- specifically Windows 7, Windows XP, Server 2003 and 2008.
The agency echoes the concerns of the Windows-maker, saying "although Microsoft has issued a patch, potentially millions of machines are still vulnerable".
It goes on to say:
This is the type of vulnerability that malicious cyber actors frequently exploit through the use of software code that specifically targets the vulnerability. For example, the vulnerability could be exploited to conduct denial of service attacks. It is likely only a matter of time before remote exploitation code is widely available for this vulnerability. NSA is concerned that malicious cyber actors will use the vulnerability in ransomware and exploit kits containing other known exploits, increasing capabilities against other unpatched systems.
NSA urges everyone to invest the time and resources to know your network and run supported operating systems with the latest patches. Please refer to our advisory for additional information. This is critical not just for NSA's protection of National Security Systems but for all networks.
In its security advisory, the NSA also provides tips that people can follow to secure their systems:
- Block TCP Port 3389 at your firewalls, especially any perimeter firewalls exposed to the internet. This port is used in RDP protocol and will block attempts to establish a connection.
- Enable Network Level Authentication. This security improvement requires attackers to have valid credentials to perform remote code authentication.
- Disable Remote Desktop Services if they are not required. Disabling unused and unneeded services helps reduce exposure to security vulnerabilities overall and is a best practice even without the BlueKeep threat.
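The three tips above, together with the patch status of the legacy versions named in the warning, can be checked across a fleet from collected host data. The following is an added example, not code from the NSA advisory or Microsoft: the inventory fields (`patched`, `needs_rdp`, `perimeter_3389_open`), the host names and the `reg query` captures are constructed, and the two registry value names are the standard Windows Terminal Server settings rather than anything quoted in the article.

```python
import re

# Matches the two values in `reg query` text output:
#   fDenyTSConnections  0 = Remote Desktop enabled, 1 = disabled
#   UserAuthentication  1 = Network Level Authentication required
VALUE_RE = re.compile(
    r"^[ \t]+(fDenyTSConnections|UserAuthentication)[ \t]+REG_DWORD[ \t]+(0x[0-9a-fA-F]+)[ \t]*$",
    re.MULTILINE)
LEGACY = ("Windows XP", "Windows 7", "Server 2003", "Server 2008")  # named in the NSA warning

def parse_reg(text):
    """Return {value_name: int} parsed from `reg query` output."""
    return {name: int(raw, 16) for name, raw in VALUE_RE.findall(text)}

def audit(host):
    """Return the list of actions still open for one inventory record."""
    vals = parse_reg(host["reg_output"])
    todo = []
    if any(v in host["os"] for v in LEGACY) and not host["patched"]:
        todo.append("install the CVE-2019-0708 patch")
    # Assumption: a value missing from the capture counts as the unsafe setting.
    if vals.get("fDenyTSConnections", 0) != 0:
        return todo  # Remote Desktop is off, so the remaining tips are moot
    if not host["needs_rdp"]:
        todo.append("disable Remote Desktop Services")
    if vals.get("UserAuthentication", 0) != 1:
        todo.append("enable Network Level Authentication")
    if host["perimeter_3389_open"]:
        todo.append("block TCP 3389 at the perimeter firewall")
    return todo

TS = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server"
def reg_capture(deny, nla):
    """Build constructed `reg query` output for the sample hosts below."""
    return (f"{TS}\n    fDenyTSConnections    REG_DWORD    {deny:#x}\n\n"
            f"{TS}\\WinStations\\RDP-Tcp\n    UserAuthentication    REG_DWORD    {nla:#x}\n")

SAMPLE_HOSTS = [  # constructed records, not real systems
    {"name": "kiosk-01", "os": "Windows 7", "patched": False, "needs_rdp": False,
     "perimeter_3389_open": True, "reg_output": reg_capture(0, 0)},
    {"name": "jump-01", "os": "Windows Server 2008", "patched": True, "needs_rdp": True,
     "perimeter_3389_open": False, "reg_output": reg_capture(0, 1)},
    {"name": "files-01", "os": "Windows Server 2008", "patched": False, "needs_rdp": False,
     "perimeter_3389_open": False, "reg_output": reg_capture(1, 0)},
]

if __name__ == "__main__":
    for h in SAMPLE_HOSTS:
        print(h["name"], audit(h) or ["ok"])
```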