
NSA urges admins to patch BlueKeep vulnerability

The National Security Agency (NSA) has added its voice to Microsoft’s, strongly recommending that Windows administrators update their systems to protect against the CVE-2019-0708 “BlueKeep” vulnerability.

Microsoft issued a patch for CVE-2019-0708 in May, but it’s estimated there are almost one million devices that have not received the update and remain vulnerable.

The NSA’s June 4 warning follows one issued by Microsoft on May 30 that strongly advised that all affected systems should be updated, noting that this particular vulnerability, which is wormable, can be specifically targeted by malicious actors.

“NSA urges everyone to invest the time and resources to know your network and run supported operating systems with the latest patches. NSA is concerned that malicious cyber actors will use the vulnerability in ransomware and exploit kits containing other known exploits, increasing capabilities against other unpatched systems,” the agency said.

The NSA also suggested organizations take the following steps to increase resilience while the upgrade process takes place:

  • Block TCP Port 3389 at your firewalls, especially any perimeter firewalls exposed to the internet. This port is used by the RDP protocol, and blocking it will stop attempts to establish a connection.
  • Enable Network Level Authentication. This security improvement requires attackers to have valid credentials to perform remote code authentication.
  • Disable Remote Desktop Services if they are not required. Disabling unused and unneeded services helps reduce exposure to security vulnerabilities overall and is a best practice even without the BlueKeep threat.
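
The three interim steps above can be checked host by host. The read-only PowerShell audit below is an added example, not part of the NSA advisory or the original article; it assumes the standard Terminal Services registry locations and English-language `netstat` output, and its function names are illustrative.

```powershell
# Added example: read-only audit of the local host's RDP mitigations.
# Uses only PowerShell 2.0 features so it runs on Windows 7 / Server 2008 R2.
$tsKey     = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdpKey    = "$tsKey\WinStations\RDP-Tcp"
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'

function Get-RegValue($Path, $Name) {
    # Return $null when the key or value is absent instead of throwing.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($item) { $item.$Name } else { $null }
}

function Get-EffectiveValue($Name, $LocalPath) {
    # A Group Policy value, when present, overrides the local setting.
    $policy = Get-RegValue $policyKey $Name
    if ($policy -ne $null) { $policy } else { Get-RegValue $LocalPath $Name }
}

function Get-RdpMitigationStatus {
    $deny = Get-EffectiveValue 'fDenyTSConnections' $tsKey   # 1 = connections refused
    $nla  = Get-EffectiveValue 'UserAuthentication' $rdpKey  # 1 = NLA required
    $port = Get-RegValue $rdpKey 'PortNumber'                # 3389 unless changed
    if (-not $port) { $port = 3389 }
    $svc  = Get-Service -Name TermService -ErrorAction SilentlyContinue

    # Check whether anything is listening on the RDP port
    # (assumption: netstat prints the English state name LISTENING).
    $pattern   = ':{0}\s+\S+\s+LISTENING' -f $port
    $listening = [bool](netstat -ano -p tcp | Select-String -Pattern $pattern)

    $findings = @()
    if ($deny -ne 1) { $findings += 'Remote Desktop connections are allowed; disable if not required' }
    if ($deny -ne 1 -and $nla -ne 1) { $findings += 'Network Level Authentication is not enforced' }
    if ($listening) { $findings += "TCP $port is listening; confirm firewalls block it" }

    New-Object PSObject -Property @{
        ComputerName  = $env:COMPUTERNAME
        RdpAllowed    = ($deny -ne 1)
        NlaRequired   = ($nla -eq 1)
        ServiceStatus = $(if ($svc) { $svc.Status } else { 'NotInstalled' })
        Port          = $port
        Listening     = $listening
        Findings      = $findings
    }
}

Get-RdpMitigationStatus | Format-List
```

The script reports local state only; whether TCP 3389 is blocked at the perimeter still has to be confirmed on the firewall itself.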

Machines running Windows 7, Windows Server 2008 R2 and Windows Server 2008, as well as the no-longer-supported Windows 2003 and Windows XP operating systems, are potentially vulnerable. Considering the severity of the flaw, Microsoft even issued fixes for the two non-supported versions, although the company has recommended that users upgrade to the latest version of Windows.

“The NSA’s cybersecurity advisory further underscores what a grave threat BlueKeep presents for users that haven’t updated. The comparisons to WannaCry are very apt – as far as these flaws go, it doesn’t get much worse,” said Corey Nachreiner, CTO at WatchGuard Technologies, adding, “The fact that Microsoft has released updates for Windows XP and Server 2003 – operating systems that they’re no longer legally required to support – illustrates exactly how severe of a threat BlueKeep is for unpatched users.”
