Threat Intelligence June 2019: NSA Issues Rare Warning to Patch Against BlueKeep Vulnerability

June 2019 Threat Intelligence (CRITICAL ALERT)

The US National Security Agency (NSA) is warning Microsoft Windows users of a major security vulnerability. The NSA recommends that Windows administrators update their systems to protect against CVE-2019-0708, also known as “BlueKeep.”

Although Microsoft issued a patch for CVE-2019-0708 in May, Microsoft estimates that around one million devices have not received the update and remain highly vulnerable.

What is ‘BlueKeep’?

BlueKeep (CVE-2019-0708) is a vulnerability in the Remote Desktop Protocol (RDP) service of older Windows versions that exposes unpatched systems to remote attack. Microsoft and the NSA are urging users of Windows 7, Windows XP, Windows Server 2003 and Windows Server 2008 to update their systems immediately.

Microsoft has issued a warning stating that almost 1 million computers connected to the internet are presently vulnerable to a worm exploiting ‘BlueKeep’, which puts those inside a corporate network at particular risk.

Microsoft states in a security notice:

“It only takes one vulnerable computer connected to the internet to provide a potential gateway into these corporate networks, where advanced malware could spread, infecting computers across the enterprise.”

Along with Microsoft’s warning, the NSA released its alert:

“It is likely only a matter of time before remote exploitation code is widely available for this vulnerability. NSA is concerned that malicious cyber actors will use the vulnerability in ransomware and exploit kits containing other known exploits, increasing capabilities against other unpatched systems.”

BlueKeep is considered highly dangerous because it is wormable: an infected machine can spread to other unpatched machines without user interaction. It is being compared to ‘WannaCry’, the ransomware worm that infected hundreds of thousands of computers globally in 2017, causing billions of dollars in damage.

In addition to applying the patch, the NSA recommends that security teams take three further steps to keep attackers from taking advantage of BlueKeep:

  • Block TCP port 3389 at the firewall. This port is used by the Remote Desktop Protocol (RDP), and attackers could use it, if left open, to establish a connection into the network.
  • Enable Network Level Authentication (NLA), so that an attacker would need valid credentials before reaching the vulnerable code and performing remote code execution.
  • Disable Remote Desktop Services on hosts where they are not being used.
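The following PowerShell script is an added example and is not code from the original alert, the NSA or Microsoft. It audits a single Windows host against the three mitigations listed above plus the patch itself, and with `-Apply` enforces them. The registry paths, the `TermService` service name and the `netsh advfirewall` syntax are standard Windows values; the `$PatchKb` default is a labelled placeholder, because the alert does not name the KB article for each OS build, and `-DisableRdp` is a hypothetical switch added here so that step 3 is only taken on hosts that do not need RDP.

```powershell
# Added example, not code from the original alert: audits a Windows host against the
# NSA-recommended BlueKeep (CVE-2019-0708) mitigations and, with -Apply, enforces them.
# Run from an elevated PowerShell prompt. Registry paths, the TermService name and the
# netsh syntax are standard Windows values; the KB identifier is a PLACEHOLDER because
# the alert does not name the patch for each OS build.
param(
    [switch]$Apply,                 # report only unless -Apply is given
    [switch]$DisableRdp,            # with -Apply: also turn Remote Desktop off entirely
    [string]$PatchKb = 'KB0000000'  # PLACEHOLDER: the May 2019 CVE-2019-0708 update for this OS
)

$tsKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdpKey = "$tsKey\WinStations\RDP-Tcp"

function Test-HostFirewallBlocks3389 {
    # netsh is used instead of the NetSecurity cmdlets because those cmdlets do not exist
    # on Windows 7 / Server 2008. netsh output is localized; the field names below are English.
    $raw = netsh advfirewall firewall show rule name=all dir=in | Out-String
    foreach ($rule in ($raw -split 'Rule Name:')) {
        if ($rule -match 'Enabled:\s+Yes' -and
            $rule -match 'Protocol:\s+TCP' -and
            $rule -match 'LocalPort:\s+3389\b' -and
            $rule -match 'Action:\s+Block') { return $true }
    }
    return $false
}

function Get-BlueKeepMitigationStatus {
    # fDenyTSConnections: 1 = Remote Desktop disabled, 0 = enabled
    $deny = (Get-ItemProperty -Path $tsKey -Name fDenyTSConnections -ErrorAction SilentlyContinue).fDenyTSConnections
    # UserAuthentication: 1 = Network Level Authentication required before a session is created
    $nla  = (Get-ItemProperty -Path $rdpKey -Name UserAuthentication -ErrorAction SilentlyContinue).UserAuthentication
    # TermService is Remote Desktop Services; Win32_Service works back to PowerShell 2.0
    $svc  = Get-WmiObject -Class Win32_Service -Filter "Name='TermService'"
    $startMode = 'NotPresent'
    if ($svc) { $startMode = $svc.StartMode }
    $patched = [bool](Get-HotFix -ErrorAction SilentlyContinue | Where-Object { $_.HotFixID -eq $PatchKb })

    New-Object PSObject -Property @{
        PatchInstalled         = $patched
        RemoteDesktopEnabled   = ($deny -eq 0)
        NlaRequired            = ($nla -eq 1)
        TermServiceStartMode   = $startMode
        HostFirewallBlocks3389 = (Test-HostFirewallBlocks3389)
    }
}

function Set-BlueKeepMitigations {
    # 1. Block inbound TCP/3389 on the host firewall. This is the host-level analogue of the
    #    perimeter block the NSA recommends; it complements that rule rather than replacing it,
    #    and it will drop any RDP session currently open to this host.
    netsh advfirewall firewall add rule name="Block inbound RDP TCP 3389 (CVE-2019-0708)" `
        dir=in action=block protocol=TCP localport=3389 | Out-Null
    # 2. Require NLA so an unauthenticated client is rejected before the RDP session is set up.
    #    NLA needs Vista / Server 2008 or later; on XP / 2003 only patching or disabling RDP applies.
    Set-ItemProperty -Path $rdpKey -Name UserAuthentication -Value 1 -Type DWord
    # 3. Disable Remote Desktop Services where they are not in use.
    if ($DisableRdp) {
        Set-ItemProperty -Path $tsKey -Name fDenyTSConnections -Value 1 -Type DWord
        Set-Service -Name TermService -StartupType Disabled
        Stop-Service -Name TermService -Force -ErrorAction SilentlyContinue
    }
}

# Report the current state, then harden and re-report if asked to.
Get-BlueKeepMitigationStatus | Format-List
if ($Apply) {
    Set-BlueKeepMitigations
    Get-BlueKeepMitigationStatus | Format-List
}
```

Run it without switches first to see which mitigations are missing (`PatchInstalled` will read false until `$PatchKb` is replaced with the real KB for the host's OS). The audit reads the same registry values that Group Policy and the System Properties dialog write, so the report also tells you whether a policy push actually landed on the host. Because both the firewall rule and `-DisableRdp` sever RDP access, apply them from a console or out-of-band management session rather than over the RDP connection they will close.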
