The NSA has joined Microsoft in warning of BlueKeep vulnerability
Microsoft recently issued a patch to deal with a critical security vulnerability known as BlueKeep. Since then Microsoft has begged users to make sure their machines are updated, including older operating systems that are no longer supported.
The NSA said the following:
CVE-2019-0708, dubbed “BlueKeep,” is a vulnerability in Remote Desktop Services (RDS) on legacy versions of the Windows operating system. The following versions of Windows® are affected:
Windows Server 2003
Windows Server 2008
Windows Server 2008 R2
This vulnerability is so potentially bad that fixes for Windows XP, Server 2003 and Windows Vista were released. Currently supported Microsoft operating systems Windows 10 and the soon-to-be unsupported Windows 7 also have security updates to deal with BlueKeep.
However, to stay safe from this vulnerability, ALL computers running these systems need to install these patches to update. And they need to do so as soon as possible. It has become such a threat that the NSA came out with their own statement, echoing Microsoft’s, about the importance of making these updates, this past Tuesday.
NSA urges everyone to invest the time and resources to know your network and run supported operating systems with the latest patches,” the organization said in a statement. “This is critical not just for NSA’s protection of National Security Systems but for all networks.
Microsoft has warned that this flaw is potentially “wormable,” meaning it could spread without user interaction across the internet. We have seen devastating computer worms inflict damage on unpatched systems with wide-ranging impact, and are seeking to motivate increased protections against this flaw.
Although Microsoft has issued a patch, potentially millions of machines are still vulnerable. This is the type of vulnerability that malicious cyber actors frequently exploit through the use of software code that specifically targets the vulnerability. For example, the vulnerability could be exploited to conduct denial of service attacks. It is likely only a matter of time before remote exploitation tools are widely available for this vulnerability. NSA is concerned that malicious cyber actors will use the vulnerability in ransomware and exploit kits containing other known exploits, increasing capabilities against other unpatched systems.
It is important that you heed these warnings and install these updates. Most Windows machines are set to auto-update. If this is the case, make sure to sign out, or turn your computer off when you are done for the day so that they may be installed. If you have turned off auto-updates, you will need to either turn these back on, or scan for needed updates.