NSA Urges Windows Users to Install Patches for the Wormable BlueKeep Security Flaw
The National Security Agency (NSA) has issued an alert warning Windows users to install the latest security patches to avoid a WannaCry-like situation. The alert comes after Microsoft released warnings to install fixes for the wormable BlueKeep security vulnerability (tracked as CVE-2019-0708).
"The National Security Agency is urging Microsoft Windows administrators and users to ensure they are using a patched and updated system in the face of growing threats," the alert issued last night reads. "Recent warnings by Microsoft stressed the importance of installing patches to address a protocol vulnerability in older versions of Windows. Microsoft has warned that this flaw is potentially “wormable,” meaning it could spread without user interaction across the internet. We have seen devastating computer worms inflict damage on unpatched systems with wide-ranging impact, and are seeking to motivate increased protections against this flaw."
Microsoft: BlueKeep could propagate from vulnerable computer to vulnerable computer like the WannaCry malware
As reported earlier, BlueKeep is a vulnerability in the Remote Desktop (RDP) protocol that affects Windows 7, Windows XP, Server 2003 and 2008 putting millions of machines at risk. The NSA's alert comes a week after Microsoft issued a follow-up warning to Windows users to update all impacted systems as soon as possible.
Microsoft had released patches for the BlueKeep vulnerability on May 14. At the time, there was no known exploitation of the vulnerability. The NSA echoed Microsoft's message saying that it is "likely only a matter of time before remote exploitation code is widely available for this vulnerability."
"This is the type of vulnerability that malicious cyber actors frequently exploit through the use of software code that specifically targets the vulnerability," the NSA alert adds.
For example, the vulnerability could be exploited to conduct denial of service attacks. It is likely only a matter of time before remote exploitation code is widely available for this vulnerability. NSA is concerned that malicious cyber actors will use the vulnerability in ransomware and exploit kits containing other known exploits, increasing capabilities against other unpatched systems.
Along with installing patches released by Microsoft, the security agency has also recommended to take the following additional measures:
- Block TCP Port 3389 at your firewalls, especially any perimeter firewalls exposed to the internet. This port is used in RDP protocol and will block attempts to establish a connection.
- Enable Network Level Authentication. This security improvement requires attackers to have valid credentials to perform remote code authentication.
- Disable remote Desktop Services if they are not required. Disabling unused and unneeded services helps reduce exposure to security vulnerabilities overall and is a best practice even without the BlueKeep threat.