NSA Issues Warning About BlueKeep

The National Security Agency (NSA) has released an advisory, urging Microsoft Windows administrators and users to make sure they are using a patched and updated system to stay protected against cyber threats. Specifically, the warning pointed to BlueKeep, a vulnerability in the Remote Desktop Protocol (RDP) that is present in Windows 7, Windows XP, Server 2003 and 2008. The NSA noted that, while Microsoft has issued a patch, millions of machines could still be vulnerable.

“Recent warnings by Microsoft stressed the importance of installing patches to address a protocol vulnerability in older versions of Windows. Microsoft has warned that this flaw is potentially ‘wormable,’ meaning it could spread without user interaction across the internet. We have seen devastating computer worms inflict damage on unpatched systems, with wide-ranging impact, and are seeking to motivate increased protections against this flaw,” the agency wrote in a press release.

The NSA went on to explain that this type of vulnerability is frequently utilized by hackers via software code that targets the vulnerability, including being able to carry out denial-of-service attacks.

“It is likely only a matter of time before remote exploitation code is widely available for this vulnerability. NSA is concerned that malicious cyber actors will use the vulnerability in ransomware, and exploit kits containing other known exploits, increasing capabilities against other unpatched systems,” the NSA added.

As a result, the NSA is urging everyone to know their networks, and run supported operating systems with the latest patches. In addition, users can “block TCP Port 3389 at [their] firewalls, especially any perimeter firewalls exposed to the internet;” enable Network Level Authentication, which “requires attackers to have valid credentials to perform remote code authentication;” and “disable remote Desktop Services if they are not required,” which “helps reduce exposure to security vulnerabilities overall, and is a best practice, even without the BlueKeep threat.”