NSA Says Installing Microsoft Windows Patch Tuesday Will Kill ‘Wormable’ BlueKeep Vulnerability
The US National Security Agency (NSA) has given its vote of confidence to the monthly security updates delivered by Microsoft to support Windows PC systems. The NSA said it's imperative that the latest patches are installed in light of the recent discovery of BlueKeep, a security flaw that can potentially cause harm on the scale of the WannaCry malware.
In 2007, WannaCry was deployed, allegedly by North Korean agents, and the ransomware hijacked hundreds of thousands of computers, resulting in millions of dollars in damages. BlueKeep is said to have the same characteristics as WannaCry: the program is able to take advantage of exploits found in the Remote Desktop Protocol (RDP) features of old but still active Windows versions such as Windows XP, Windows Vista, Windows 7, Windows Server 2003, and Windows Server 2008, according to Fortune.
The flaw, tracked by Microsoft as CVE-2019-0708, has been labeled wormable, and the NSA said "it could spread without user interaction across the internet" when left unchecked.
"We have seen devastating computer worms inflict damage on unpatched systems with wide-ranging impact, and are seeking to motivate increased protections against this flaw," the agency warned.
However, the NSA said that the worst-case scenario can be prevented from playing out by the simple act of regularly installing security updates, which Microsoft religiously provides every second Tuesday of the month. In doing so, Windows users help protect interconnected systems efficiently, including the National Security Systems.
Systems still running Windows XP and 7 are particularly vulnerable; when infected, they can easily suffer a meltdown through denial-of-service attacks.
That is why it is critical that the regular updates from Microsoft are installed the moment they become available, with the NSA strongly urging users "to invest the time and resources to know your network and run supported operating systems with the latest patches."
In addition to installing updates, the US agency also recommended deactivating Desktop Services when unneeded in order to reduce exposure to security vulnerabilities. It's also important that Network Level Authentication is enabled so as to keep unauthorized intrusions at bay. Lastly, users are urged to block TCP Port 3389 on their firewalls to ensure that surreptitious network connections are not allowed.
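The following PowerShell script is an added example, not part of the NSA advisory or the original article. It audits a Windows host against the mitigations listed above and applies them only on request. The switch names `-RequireNla` and `-DisableRdp`, the helper function names, and the firewall rule name are assumptions of this example.

```powershell
# Added example: audit the local host against the RDP mitigations above.
# Read-only unless a switch is passed; run from an elevated prompt.
param([switch]$RequireNla, [switch]$DisableRdp)   # hypothetical switch names

$tsKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdpKey = "$tsKey\WinStations\RDP-Tcp"

function Get-RegValue([string]$Path, [string]$Name) {
    # Return $null instead of throwing when the key or value is absent.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($item) { $item.$Name }
}

function Get-RdpExposure {
    $port = Get-RegValue $rdpKey 'PortNumber'
    if (-not $port) { $port = 3389 }   # default RDP port
    # Ask .NET for TCP listeners; netstat text output is localized.
    $ipProps = [System.Net.NetworkInformation.IPGlobalProperties]::GetIPGlobalProperties()
    $hits = @($ipProps.GetActiveTcpListeners() | Where-Object { $_.Port -eq $port })
    New-Object PSObject -Property @{
        RdpDisabled = (Get-RegValue $tsKey 'fDenyTSConnections') -eq 1   # 1 = connections refused
        NlaRequired = (Get-RegValue $rdpKey 'UserAuthentication') -eq 1  # 1 = NLA enforced
        Port        = $port
        Listening   = $hits.Count -gt 0
    }
}

$state = Get-RdpExposure
$state | Format-List RdpDisabled, NlaRequired, Port, Listening

if ($state.Listening -and -not $state.NlaRequired) {
    Write-Warning "RDP is listening on TCP $($state.Port) without Network Level Authentication."
}

if ($RequireNla) {
    # RDP stays available, but callers must authenticate before a session is created.
    Set-ItemProperty -Path $rdpKey -Name UserAuthentication -Value 1
}

if ($DisableRdp) {
    # RDP is not needed on this host: refuse connections and block the port.
    # This cuts off any remote desktop session currently used for administration.
    Set-ItemProperty -Path $tsKey -Name fDenyTSConnections -Value 1
    # netsh advfirewall exists on Windows Vista / Server 2008 and later.
    netsh advfirewall firewall add rule name=Block-Inbound-RDP dir=in action=block protocol=TCP localport=$($state.Port)
}
```

The `UserAuthentication` value is absent on Windows XP and Server 2003, so `NlaRequired` reports `False` there; those hosts depend on the patch and on blocking the port.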
The NSA advisory was issued as a new RDP vulnerability, tracked as CVE-2019-9510, was identified. ZDNet said it will not be patched until the next update deployment on June 11. The flaw can be exploited to hijack an active RDP session on vulnerable systems, thereby giving remote access to attackers, the report added.
It's a good thing though that CVE-2019-9510 is seen as less harmful compared to BlueKeep since the former cannot be employed to launch a large-scale attack. Also, the exploit is only possible if the attacker has direct access to an RDP connection in use.