NSA warns system administrators to apply BlueKeep patch
The NSA is warning system administrators to update their systems so that they remain protected from potential worm attacks. The security service is referring to BlueKeep, an RDP vulnerability for which a patch is now available.
The NSA’s warning specifically addresses CVE-2019-0708, a vulnerability also known as BlueKeep. It is a former zero-day vulnerability that mainly affects older systems: Windows XP and Windows 7, as well as Windows Server 2003, 2008 and 2008 R2, are vulnerable to attack. Microsoft has since released a patch for the vulnerability.
BlueKeep is a vulnerability in Remote Desktop Services on Windows. It is similar to the problem that major ransomware attacks such as WannaCry and (Not)Petya exploited, causing millions of euros in damage. The NSA warns that as long as systems are vulnerable and not up to date, such an attack could happen again. Although a patch is already available, many system administrators have not yet applied it. There are still more than a million vulnerable systems connected to the Internet. Patches were also available for the vulnerabilities that WannaCry and (Not)Petya used, but in many cases they had not been applied.
It is the first time that the US security service has responded to the situation. The NSA, which is sometimes called ‘Never Say Anything’, almost never does that. The service has also never spoken out about the controversial theft of tools that were released by the ShadowBrokers group.
“We’re calling on everyone to invest time and resources in getting to know your network and patching operating systems. That’s important not only for protecting national security systems that the NSA protects, but for all networks.” The service gives system administrators a number of tips, such as closing TCP port 3389 and enabling Network Level Authentication. System administrators should also disable Remote Desktop Services if they do not need them.
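The three tips above can be checked on a single Windows host with a read-only audit; the script below is an added example, not part of the NSA advisory or Microsoft's guidance. It assumes the standard Terminal Server registry locations and the TermService service name, uses the hypothetical helper names Get-RdpSetting and Test-RdpHardening, and does not verify that the patch itself is installed or that a perimeter firewall blocks the port.

```powershell
# Added example (not from the NSA advisory): read-only audit of the local host
# against the three mitigations named in the text. Run from an elevated prompt.
$local  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$policy = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'

# Group Policy values override local ones, so look there first.
function Get-RdpSetting([string]$Name, [string[]]$Paths) {
    foreach ($p in $Paths) {
        $v = (Get-ItemProperty -Path $p -Name $Name -ErrorAction SilentlyContinue).$Name
        if ($v -ne $null) { return $v }
    }
    return $null
}

function Test-RdpHardening {
    $deny = Get-RdpSetting 'fDenyTSConnections' @($policy, $local)
    $nla  = Get-RdpSetting 'UserAuthentication' @($policy, "$local\WinStations\RDP-Tcp")
    $port = Get-RdpSetting 'PortNumber' @("$local\WinStations\RDP-Tcp")
    if ($port -eq $null) { $port = 3389 }   # default RDP port, as named in the text

    # Locale-independent check for a live TCP listener on the RDP port.
    $ipProps   = [System.Net.NetworkInformation.IPGlobalProperties]::GetIPGlobalProperties()
    $listening = @($ipProps.GetActiveTcpListeners() |
                   Where-Object { $_.Port -eq $port }).Count -gt 0

    # A missing service counts as "not running".
    $svc = Get-Service -Name TermService -ErrorAction SilentlyContinue

    $rows = @(
        @{ Check = 'Remote desktop connections denied';     OK = ($deny -eq 1) },
        @{ Check = 'Network Level Authentication required'; OK = ($nla -eq 1) },
        @{ Check = "No listener on TCP $port";              OK = (-not $listening) },
        @{ Check = 'TermService not running';               OK = (-not $svc -or $svc.Status -ne 'Running') }
    )
    foreach ($r in $rows) {
        New-Object PSObject -Property $r | Select-Object Check, OK
    }
}

Test-RdpHardening | Format-Table -AutoSize
```

A host that needs RDP will show the first, third and fourth rows as False; on such a host the NLA row is the one that must be True.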
The NSA is not the only party urging administrators to patch their systems. Earlier this week, Microsoft did the same.