Security & Fraud

NSA Issues Warning About BlueKeep

The National Security Agency (NSA) has released an advisory, urging Microsoft Windows administrators and users to make sure they are using a patched and updated system to stay protected against cyber threats. Specifically, the warning pointed to BlueKeep, a vulnerability in the Remote Desktop Protocol (RDP) that is present in Windows 7, Windows XP, Server 2003 and 2008. The NSA noted that, while Microsoft has issued a patch, millions of machines could still be vulnerable.

"Recent warnings by Microsoft stressed the importance of installing patches to address a protocol vulnerability in older versions of Windows. Microsoft has warned that this flaw is potentially 'wormable,' meaning it could spread without user interaction across the internet. We have seen devastating computer worms inflict damage on unpatched systems, with wide-ranging impact, and are seeking to motivate increased protections against this flaw," the agency wrote in a press release.

The NSA went on to explain that this type of vulnerability is frequently utilized by hackers via software code that targets the vulnerability, including being able to carry out denial-of-service attacks.

"It is likely only a matter of time before remote exploitation code is widely available for this vulnerability. NSA is concerned that malicious cyber actors will use the vulnerability in ransomware, and exploit kits containing other known exploits, increasing capabilities against other unpatched systems," the NSA added.

As a result, the NSA is urging everyone to know their networks, and run supported operating systems with the latest patches. In addition, users can "block TCP Port 3389 at [their] firewalls, especially any perimeter firewalls exposed to the internet;" enable Network Level Authentication, which "requires attackers to have valid credentials to perform remote code authentication;" and "disable remote Desktop Services if they are not required," which "helps reduce exposure to security vulnerabilities overall, and is a best practice, even without the BlueKeep threat."



Banks, corporates and even regulators now recognize the imperative to modernize — not just digitize —the infrastructures and workflows that move money and data between businesses domestically and cross-border.

Together with Visa, PYMNTS invites you to a month-long series of livestreamed programs on these issues as they reshape B2B payments. Masters of modernization share insights and answer questions during a mix of intimate fireside chats and vibrant virtual roundtables.