InfoSec News

NSA Cybersecurity Advisory: Patch Remote Desktop Services on Legacy Versions of Windows

June 5, 2019 By William Knowles

FORT MEADE, Md., June 4, 2019 —

The National Security Agency is urging Microsoft Windows administrators and users to ensure they are using a patched and updated system in the face of growing threats. Recent warnings by Microsoft stressed the importance of installing patches to address a protocol vulnerability in older versions of Windows. Microsoft has warned that this flaw is potentially “wormable,” meaning it could spread without user interaction across the internet. We have seen devastating computer worms inflict damage on unpatched systems with wide-ranging impact, and are seeking to motivate increased protections against this flaw.

CVE-2019-0708, dubbed “BlueKeep,” is a vulnerability in the Remote Desktop (RDP) protocol. It is present in Windows 7, Windows XP, Server 2003 and 2008, and although Microsoft has issued a patch, potentially millions of machines are still vulnerable.

This is the type of vulnerability that malicious cyber actors frequently exploit through the use of software code that specifically targets the vulnerability. For example, the vulnerability could be exploited to conduct denial of service attacks. It is likely only a matter of time before remote exploitation code is widely available for this vulnerability. NSA is concerned that malicious cyber actors will use the vulnerability in ransomware and exploit kits containing other known exploits, increasing capabilities against other unpatched systems.

NSA urges everyone to invest the time and resources to know your network and run supported operating systems with the latest patches. Please refer to our advisory for additional information. This is critical not just for NSA’s protection of National Security Systems but for all networks. In order to increase resilience against this threat while large networks patch and upgrade, there are additional measures that can be taken:

  • Block TCP Port 3389 at your firewalls, especially any perimeter firewalls exposed to the internet. This port is used by the RDP protocol, and blocking it stops attempts to establish a connection.
  • Enable Network Level Authentication. This security improvement requires attackers to have valid credentials to perform remote code authentication.
  • Disable Remote Desktop Services if they are not required. Disabling unused and unneeded services helps reduce exposure to security vulnerabilities overall and is a best practice even without the BlueKeep threat.
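
One way an administrator could check a host against the three measures above, as an added example that is not part of the NSA advisory or of this page. It assumes the standard Windows Terminal Services registry locations (not named in the advisory) and reads them without changing anything; perimeter firewall rules cannot be seen from the host and still need a separate check.

```powershell
# Added example: read-only check of the interim mitigations on the local host.
# Uses only PowerShell 2.0 features so it runs on Windows 7 / Server 2008.
$polKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
$tsKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdpKey = "$tsKey\WinStations\RDP-Tcp"

function Get-RegValue($Path, $Name) {
    # Return $null when the key or the value does not exist.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($item) { return $item.$Name }
    return $null
}

function Get-Effective($Name, $LocalPath) {
    # A Group Policy value, when present, takes precedence over the local one.
    $v = Get-RegValue $polKey $Name
    if ($v -eq $null) { $v = Get-RegValue $LocalPath $Name }
    return $v
}

$deny = Get-Effective 'fDenyTSConnections' $tsKey   # 1 = RDP connections refused
$nla  = Get-Effective 'UserAuthentication' $rdpKey  # 1 = NLA required
$port = Get-RegValue $rdpKey 'PortNumber'
if ($port -eq $null) { $port = 3389 }

# Confirm what the host is really doing: is a listener bound to the RDP port?
$ipProps   = [System.Net.NetworkInformation.IPGlobalProperties]::GetIPGlobalProperties()
$listening = @($ipProps.GetActiveTcpListeners() | Where-Object { $_.Port -eq $port }).Count -gt 0

$rdpEnabled = ($deny -ne 1)   # anything other than an explicit 1 is treated as enabled
$report = New-Object PSObject -Property @{
    Computer    = $env:COMPUTERNAME
    RdpEnabled  = $rdpEnabled
    NlaRequired = ($nla -eq 1)
    RdpPort     = $port
    Listening   = $listening
}
$report | Format-List

if ($rdpEnabled -and $nla -ne 1) {
    Write-Warning 'RDP is enabled without Network Level Authentication.'
}
if ($listening -and -not $rdpEnabled) {
    Write-Warning "Port $port is listening although RDP is configured as disabled; investigate."
}
if ($rdpEnabled -or $listening) {
    Write-Warning "Verify that TCP $port is blocked at the perimeter firewall; this script cannot see it."
}
```

These checks cover the interim measures only; they do not tell you whether the Microsoft patch is installed.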
