NSA Urges Users to Patch Remote Desktop Services on Legacy Versions of Windows
The National Security Agency (NSA) is urging Microsoft Windows administrators and users to ensure they are using a patched and updated system in the face of growing threats.
Some time ago Microsoft said that Windows users should patch their systems against the BlueKeep (CVE-2019-0708) vulnerability. The company later issued a further warning stressing the importance of installing a patch. Microsoft says that this flaw is potentially “wormable,” meaning it could spread without user interaction across the internet.
Now the NSA has got involved, joining Microsoft in begging users to secure their Windows XP and Windows 7 computers.
BlueKeep is a vulnerability in the Remote Desktop (RDP) protocol. It is present in Windows 7, Windows XP, Server 2003 and 2008.
This is the type of vulnerability that malicious cyber actors frequently exploit through the use of software code that specifically targets the vulnerability. For example, the vulnerability could be exploited to conduct denial of service attacks. It is likely only a matter of time before remote exploitation code is widely available for this vulnerability.
In order to increase resilience against this threat while large networks patch and upgrade, there are additional measures that can be taken:
- Block TCP Port 3389 at your firewalls, especially any perimeter firewalls exposed to the internet. This port is used in RDP protocol and will block attempts to establish a connection.
- Enable Network Level Authentication. This security improvement requires attackers to have valid credentials to perform remote code authentication.
- Desktop Services if they are not required. Disabling unused and unneeded services helps reduce exposure to security vulnerabilities overall.