NSA Urges Legacy Windows Users to Patch BlueKeep Vulnerability

Security
Bluekeep patch vulnerability

The National Security Agency (NSA) has jumped into the fray recently with an advisory urging Microsoft Windows administrators and users to patch older versions of Windows. This is in the face of a large potential threat from the BlueKeep vulnerability (CVE-2019-0708). This vulnerability is in the Remote Desktop Protocol (RDP). It affects Windows XP, Windows 7, Windows Server 2003 and 2008.

Microsoft has taken the unusual step of providing a patch for the Windows XP and Windows Server 2003 operating systems, both of which have long been end of life (EOL), and hence are unsupported. The BlueKeep vulnerability is said to be ‘wormable’, meaning it could spread without user interaction across the internet.

As per the Microsoft advisory, “This vulnerability is pre-authentication and requires no user interaction. An attacker who successfully exploited this vulnerability could execute arbitrary code on the target system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.”

BlueKeep has been touted as potentially being on the same scale as WannaCry ransomware attack which was reported to have infected more than 230,000 computers in over 150 countries.

Kaseya’s VSA endpoint and network management solution can be used to apply the Windows XP and Windows Server 2003 patches. Automation scripts for these are available in our Automation Exchange from partners such as Upstream (part of their Power Pack and also available here).

Note that CVE-2019-0708 does not affect the latest versions of Microsoft’s operating systems— Windows 10, Windows 8.1, Windows 8, Windows Server 2019, Windows Server 2016, Windows Server 2012 R2, or Windows Server 2012.

However, if you are a user of the legacy Microsoft Windows OS—Windows XP and/or Windows Server 2003, apply the BlueKeep patch today!

Posted by John Emmitt
John Emmitt has more than 15 years of high technology marketing experience, including more than 10 years in the IT Management software market. John was the manager of the enterprise product marketing team at Flexera, an IT management software and SaaS company serving the Global 2000. At Kaseya, John focuses on marketing our core IT Management products to mid-market enterprises. John holds BSEE and MSCS degrees.

How MSPs can use Integrated Cybersecurity Solutions to Grow Profits

Back in the early days of managed cybersecurity services, MSPs only needed to offer things like endpoint protection and firewallRead More

Young Asian male frustrated by ransomware cyber attack

Lake City Sacks IT Director Over Ransomware Attack

As the saying goes, when nightmares come true, only then are people truly awake and take notice.   As per aRead More

Person using laptop with Backup on the screen

Re-enable Your Windows 10 Registry Backup Now!

As per the Forbes news report ‘Microsoft Issues Warning For 800M Windows 10 Users’, Microsoft has confirmed that Registry backupsRead More

Security Score Assessments

Top 5 Ways to Improve the Security of Your Business

Small and medium sized businesses (SMBs) have become more vulnerable to cyber attacks. About 43 percent of cyber attacks areRead More

Connect IT Asia-Pacific - Don't Miss the Premier IT Management Event of the Year - Join Us in Sydney 1-3 October 2019 - Register Now

Archives

Categories