Almost one million systems are still vulnerable to BlueKeep

2019-06-06

THE NATIONAL SECURITY AGENCY (NSA) has issued a rare advisory urging admins to update their systems to protect against the 'BlueKeep' vulnerability.

The flaw, indexed as CVE-2019-0708, is in the Remote Desktop Protocol (RDP) service on older versions of the Windows operating system; only Windows 8 and Windows 10 systems are immune.

BlueKeep is pre-authentication and requires no user interaction. It's also wormable, which means that any malware exploiting the flaw would be able to spread from one vulnerable system to another.

It is considered so serious that Microsoft released patches for end-of-life operating systems, including Windows XP, Windows Vista and Windows Server 2003, in a bid to prevent another WannaCry-style exploit from emerging.

"NSA urges everyone to invest the time and resources to know your network and run supported operating systems with the latest patches," the agency said.

"NSA is concerned that malicious cyber actors will use the vulnerability in ransomware and exploit kits containing other known exploits, increasing capabilities against other unpatched systems," the agency said.

The government listening agency also recommends orgs take the following steps to "increase resilience" while the upgrade process takes place:

Block TCP Port 3389 at your firewalls, especially any perimeter firewalls exposed to the internet. This port is used by RDP, and blocking it will stop attempts to establish a connection.

Enable Network Level Authentication. This security improvement requires attackers to have valid credentials to perform remote code authentication.

Disable Remote Desktop Services if they are not required. Disabling unused and unneeded services helps reduce exposure to security vulnerabilities overall and is a best practice even without the BlueKeep threat.
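A read-only way to check those three settings on a single Windows host, as an added example that is not part of the NSA advisory or the original article. It assumes Windows Vista/7 or later with PowerShell 2.0 and the built-in Windows Firewall; perimeter firewalls have to be checked separately.

```powershell
# Added example: audits the local host only and changes nothing.
# Sticks to PowerShell 2.0 features so it also runs on Windows 7 / Server 2008 R2.
$ts  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$tcp = "$ts\WinStations\RDP-Tcp"

# Mitigation: disable Remote Desktop Services if not required.
# fDenyTSConnections = 1 means incoming RDP connections are refused.
$deny = (Get-ItemProperty -Path $ts -Name fDenyTSConnections -ErrorAction SilentlyContinue).fDenyTSConnections
$rdpEnabled = ($deny -eq 0)
$svc = Get-Service -Name TermService -ErrorAction SilentlyContinue

# Mitigation: enable Network Level Authentication.
# UserAuthentication = 1 means NLA is required; a missing value counts as "not required".
$nla = (Get-ItemProperty -Path $tcp -Name UserAuthentication -ErrorAction SilentlyContinue).UserAuthentication
$nlaRequired = ($nla -eq 1)

# The listener can be moved off 3389, so audit the port that is actually configured.
$port = (Get-ItemProperty -Path $tcp -Name PortNumber -ErrorAction SilentlyContinue).PortNumber
if (-not $port) { $port = 3389 }

# Mitigation: block the RDP port at the firewall (host firewall only here).
# Direction 1 = inbound, Action 1 = allow, Protocol 6 = TCP, 256 = any protocol.
# Port ranges such as "3000-4000" are not expanded by this check.
$fw = New-Object -ComObject HNetCfg.FwPolicy2
$allowRules = @($fw.Rules | Where-Object {
    $_.Enabled -and $_.Direction -eq 1 -and $_.Action -eq 1 -and
    ($_.Profiles -band $fw.CurrentProfileTypes) -and
    ($_.Protocol -eq 256 -or ($_.Protocol -eq 6 -and
        ($_.LocalPorts -eq '*' -or ($_.LocalPorts -split ',') -contains "$port")))
})

$report = New-Object PSObject -Property @{
    RdpEnabled        = $rdpEnabled
    TermServiceStatus = if ($svc) { $svc.Status } else { 'NotInstalled' }
    NlaRequired       = $nlaRequired
    RdpPort           = $port
    FirewallAllows    = ($allowRules.Count -gt 0)
    AllowRuleNames    = ($allowRules | ForEach-Object { $_.Name }) -join '; '
}
$report | Format-List

if ($rdpEnabled -and -not $nlaRequired) {
    Write-Warning 'RDP is enabled without Network Level Authentication.'
}
if ($rdpEnabled -and $allowRules.Count -gt 0) {
    Write-Warning "Host firewall allows inbound TCP $port in the active profile."
}
```

Group Policy can override these local values, so a clean result here should be confirmed against the effective policy on domain-joined machines.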

The NSA's warning comes as CERT warned of a new flaw in the RDP service - CVE-2019-9510 - that can be used to hijack existing RDP sessions. It's not wormable like BlueKeep, though, so it's unlikely to cause NSA panic. µ