NSA Urges Legacy Windows Users to Patch BlueKeep Vulnerability

Security
Bluekeep patch vulnerability

The National Security Agency (NSA) has jumped into the fray recently with an advisory urging Microsoft Windows administrators and users to patch older versions of Windows. This is in the face of a large potential threat from the BlueKeep vulnerability (CVE-2019-0708). This vulnerability is in the Remote Desktop Protocol (RDP). It affects Windows XP, Windows 7, Windows Server 2003 and 2008.

Microsoft has taken the unusual step of providing a patch for the Windows XP and Windows Server 2003 operating systems, both of which have long been end of life (EOL), and hence are unsupported. The BlueKeep vulnerability is said to be ‘wormable’, meaning it could spread without user interaction across the internet.

As per the Microsoft advisory, “This vulnerability is pre-authentication and requires no user interaction. An attacker who successfully exploited this vulnerability could execute arbitrary code on the target system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.”

BlueKeep has been touted as potentially being on the same scale as WannaCry ransomware attack which was reported to have infected more than 230,000 computers in over 150 countries.

Kaseya’s VSA endpoint and network management solution can be used to apply the Windows XP and Windows Server 2003 patches. Automation scripts for these are available in our Automation Exchange from partners such as Upstream (part of their Power Pack and also available here).

Note that CVE-2019-0708 does not affect the latest versions of Microsoft’s operating systems— Windows 10, Windows 8.1, Windows 8, Windows Server 2019, Windows Server 2016, Windows Server 2012 R2, or Windows Server 2012.

However, if you are a user of the legacy Microsoft Windows OS—Windows XP and/or Windows Server 2003, apply the BlueKeep patch today!

Posted by John Emmitt
John Emmitt has more than 15 years of high technology marketing experience, including more than 10 years in the IT Management software market. John was the manager of the enterprise product marketing team at Flexera, an IT management software and SaaS company serving the Global 2000. At Kaseya, John focuses on marketing our core IT Management products to mid-market enterprises. John holds BSEE and MSCS degrees.
Guy wearing pumpkin mask holding a laptop

5 Scary Cyberattacks — How Much Did They Cost and What Can You Learn?

Cyberattacks can be as scary as horror movies. They continue to evolve, wreaking havoc in organizations and keep IT professionalsRead More

Digital lock security software suite

Leverage Two-Factor Authentication for Maximized Security

Did you know that 81 percent of data breaches are due to weak or stolen passwords? Managing passwords is a struggle forRead More

Puzzle pieces in city block

Is Consolidation Inevitable in the MSP Market?

With the recent uptick in IT channel M&A activity, for many MSPs, consolidation is a forgone conclusion. In fact, inRead More

Road Sign "Change Just Ahead"

MSPs – Get Ready to Migrate

During its nine-year run, Windows 7 has found a loyal fan base among MSPs. They cling to Windows 7 evenRead More

Connect IT - You're Invited! - Join us at MGM Grand Las Vegas - May 4th - 7th, 2020
Get the 2019 Kaseya State of IT Operations Report - Download Now

Archives

Categories