The National Security Agency (NSA) in the US has issued a warning urging those using Microsoft Windows to ensure that their systems are up to date, so as to safeguard themselves against malware and similar attacks.
Administrators are now being urged to make sure they’re using a patched and updated system – particularly if using older versions of the software, with patches installed to address protocol vulnerabilities… a flaw that could be wormable, which means malware exploiting it can spread across the internet without user interaction.
BlueKeep, a vulnerability in the Remote Desktop Protocol (RDP), is present in Windows XP and Windows 7, as well as Server 2003 and 2008 – and there are potentially millions of machines out there still vulnerable, despite the fact that Microsoft has issued a patch.
“We have seen devastating computer worms inflict damage on unpatched systems with wide-ranging impact, and are seeking to motivate increased protections against this flaw,” the organisation observed.
This kind of vulnerability is exactly what cyber criminals are looking for and are able to exploit through the use of software code. For example, it could be exploited to conduct denial of service attacks and it is probably only a question of time before remote exploitation code is available for this particular vulnerability, the NSA went on to note.
While large networks are being patched and upgraded, the NSA is calling for administrators to increase their resilience by blocking TCP port 3389 at firewalls, particularly any perimeter firewalls that are exposed to the internet.
Network Level Authentication should also be enabled, as this will require potential attackers to have proper credentials in order to carry out remote code authentication.
Remote Desktop Services should also be disabled if they’re not required, as disabling any unnecessary or unused services will help to reduce exposure to security vulnerabilities – and this should be considered best practice even when you don’t take into account the BlueKeep threat.
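The three mitigations above can be checked host by host. The following read-only PowerShell audit is an added example, not taken from the NSA advisory or from Microsoft; it assumes the standard Terminal Server registry locations and the TermService service name, and it does not check patch level.

```powershell
# Added example: read-only audit of RDP exposure on the local host.
# Uses registry, service and .NET calls only, so it also runs on PowerShell 2.0.
$ts     = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdpTcp = "$ts\WinStations\RDP-Tcp"
$policy = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'

function Get-RegValue([string]$Path, [string]$Name) {
    # Returns $null when the key or the value does not exist
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($item) { $item.$Name }
}

function Get-Effective([string]$Name, [string]$LocalPath) {
    # A Group Policy value, when present, overrides the local setting
    $gp = Get-RegValue $policy $Name
    if ($null -ne $gp) { $gp } else { Get-RegValue $LocalPath $Name }
}

$deny = Get-Effective 'fDenyTSConnections' $ts       # 1 = RDP connections refused
$nla  = Get-Effective 'UserAuthentication' $rdpTcp   # 1 = NLA required
$port = Get-RegValue $rdpTcp 'PortNumber'            # 3389 unless changed
if ($null -eq $port) { $port = 3389 }

$svc = Get-Service -Name TermService -ErrorAction SilentlyContinue
$tcp = [System.Net.NetworkInformation.IPGlobalProperties]::GetIPGlobalProperties()
$listening  = @($tcp.GetActiveTcpListeners() | Where-Object { $_.Port -eq $port }).Count -gt 0
$rdpEnabled = [bool](($deny -ne 1) -and $svc -and ($svc.Status -eq 'Running'))

$findings = @()
if ($rdpEnabled) {
    $findings += 'Remote Desktop Services is enabled: disable it if not required'
    if ($nla -ne 1) { $findings += 'Network Level Authentication is not enforced' }
}
if ($listening) {
    $findings += "Listening on TCP ${port}: confirm the port is blocked at the perimeter firewall"
}

# One summary object per host, suitable for Export-Csv or remote collection
New-Object PSObject -Property @{
    Computer    = $env:COMPUTERNAME
    RdpEnabled  = $rdpEnabled
    NlaRequired = ($nla -eq 1)
    RdpPort     = $port
    Listening   = $listening
    Findings    = ($findings -join '; ')
}
```

The script changes nothing on the host. An empty `Findings` value means RDP is disabled and nothing is listening on the RDP port.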
How dangerous is BlueKeep?
Given that the NSA has issued a warning over BlueKeep, Microsoft Windows users may want to take it as seriously as they can and do everything in their power to protect their networks and systems.
Cyber security professionals have been warning that the vulnerability could trigger attacks along the same lines as the WannaCry worm, which had such a big impact back in 2017. All it will take is one vulnerable connected computer to provide a gateway into a network, from where malware can spread and infect computers right the way across a business network.
If you’re especially concerned that you’re not doing all you can, get in touch with ransomware consultants Infosec today to see how we can help.