NSA urges admins to patch BlueKeep vulnerability

News by Doug Olenick

The NSA's warning follows one issued by Microsoft on 30 May that strongly advised that all affected systems should be updated

The US National Security Agency (NSA) has added its weight to Microsoft’s by strongly recommending that Windows administrators update their systems to protect against the CVE-2019-0708 "BlueKeep" vulnerability.

Microsoft issued a patch for CVE-2019-0708 in May, but it’s estimated there are almost one million devices that have not been issued the update and remain vulnerable.

The NSA’s 4 June warning follows one issued by Microsoft on 30 May that strongly advised that all affected systems should be updated, noting that this particular vulnerability, which is wormable, can be specifically targeted by malicious actors.

"NSA urges everyone to invest the time and resources to know your network and run supported operating systems with the latest patches. NSA is concerned that malicious cyber actors will use the vulnerability in ransomware and exploit kits containing other known exploits, increasing capabilities against other unpatched systems," the agency said.

The NSA also suggested organisations take the following steps to increase resilience while the upgrade process takes place:

  • Block TCP port 3389 at your firewalls, especially any perimeter firewalls exposed to the internet. This port is used by the Remote Desktop Protocol (RDP), and blocking it will stop attempts to establish a connection.
  • Enable Network Level Authentication. This security improvement requires attackers to have valid credentials to perform remote code execution.
  • Disable Remote Desktop Services if they are not required. Disabling unused and unneeded services helps reduce exposure to security vulnerabilities overall and is a best practice even without the BlueKeep threat.
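
As an added illustration of the three steps above (not part of the NSA advisory or the original article), the following read-only PowerShell check reports whether Remote Desktop is enabled, whether Network Level Authentication is required, and whether the RDP port is listening on the local machine. It assumes the standard Terminal Server registry locations and the `TermService` service name, and changes nothing on the host.

```powershell
# Added example: read-only check of the interim mitigations on the local host.
# Sticks to features present in PowerShell 2.0 (Windows 7 / Server 2008 R2).
$ts  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdp = "$ts\WinStations\RDP-Tcp"

function Get-RegValue($Path, $Name) {
    # Return $null instead of an error when the value does not exist.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($item) { $item.$Name } else { $null }
}

$deny = Get-RegValue $ts  'fDenyTSConnections'  # 1 = Remote Desktop connections refused
$nla  = Get-RegValue $rdp 'UserAuthentication'  # 1 = Network Level Authentication required
$port = Get-RegValue $rdp 'PortNumber'          # RDP listener port, 3389 unless changed
if (-not $port) { $port = 3389 }

# Is anything on this host actually listening on the RDP port?
$listeners = [System.Net.NetworkInformation.IPGlobalProperties]::GetIPGlobalProperties().GetActiveTcpListeners()
$listening = @($listeners | Where-Object { $_.Port -eq $port }).Count -gt 0

$svc = Get-Service -Name TermService -ErrorAction SilentlyContinue
$svcStatus = 'NotInstalled'
if ($svc) { $svcStatus = $svc.Status.ToString() }

$findings = @()
if ($deny -eq 0) {
    $findings += 'Remote Desktop is enabled; disable it if this host does not need it.'
    if ($nla -ne 1) { $findings += 'Network Level Authentication is not required.' }
}
if ($listening) {
    $findings += "TCP port $port is listening; confirm it is blocked at the perimeter firewall."
}
if ($findings.Count -eq 0) {
    $findings += 'No interim mitigation gaps found on this host; the patch is still required.'
}

New-Object PSObject -Property @{
    Computer      = $env:COMPUTERNAME
    OS            = (Get-WmiObject Win32_OperatingSystem).Caption
    RdpEnabled    = ($deny -eq 0)
    NlaRequired   = ($nla -eq 1)
    RdpPort       = $port
    ServiceStatus = $svcStatus
    PortListening = $listening
    Findings      = ($findings -join ' ')
} | Format-List
```

Settings enforced through Group Policy are stored under a separate Policies key and take precedence over the local values read here, so a domain-managed host should also be checked against its applied policy.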

Machines running Windows 7, Windows Server 2008 R2 and Windows Server 2008, as well as the no-longer-supported Windows 2003 and Windows XP operating systems, are potentially vulnerable. Considering the severity of the flaw, Microsoft even issued fixes for the two non-supported versions, although the company has recommended that users upgrade to the latest version of Windows.

"The NSA’s cybersecurity advisory further underscores what a grave threat BlueKeep presents for users that haven’t updated. The comparisons to WannaCry are very apt – as far as these flaws go, it doesn’t get much worse," said Corey Nachreiner, CTO at WatchGuard Technologies, adding: "The fact that Microsoft has released updates for Windows XP and Server 2003 – operating systems that they’re no longer legally required to support – illustrates exactly how severe of a threat BlueKeep is for unpatched users."

This article was originally published on SC Media US.
