NSA Urges Legacy Windows Users to Patch BlueKeep Vulnerability

Security
Bluekeep patch vulnerability

The National Security Agency (NSA) has jumped into the fray recently with an advisory urging Microsoft Windows administrators and users to patch older versions of Windows. This is in the face of a large potential threat from the BlueKeep vulnerability (CVE-2019-0708). This vulnerability is in the Remote Desktop Protocol (RDP). It affects Windows XP, Windows 7, Windows Server 2003 and 2008.

Microsoft has taken the unusual step of providing a patch for the Windows XP and Windows Server 2003 operating systems, both of which have long been end of life (EOL), and hence are unsupported. The BlueKeep vulnerability is said to be ‘wormable’, meaning it could spread without user interaction across the internet.

As per the Microsoft advisory, “This vulnerability is pre-authentication and requires no user interaction. An attacker who successfully exploited this vulnerability could execute arbitrary code on the target system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.”

BlueKeep has been touted as potentially being on the same scale as WannaCry ransomware attack which was reported to have infected more than 230,000 computers in over 150 countries.

Kaseya’s VSA endpoint and network management solution can be used to apply the Windows XP and Windows Server 2003 patches. Automation scripts for these are available in our Automation Exchange from partners such as Upstream (part of their Power Pack and also available here).

Note that CVE-2019-0708 does not affect the latest versions of Microsoft’s operating systems— Windows 10, Windows 8.1, Windows 8, Windows Server 2019, Windows Server 2016, Windows Server 2012 R2, or Windows Server 2012.

However, if you are a user of the legacy Microsoft Windows OS—Windows XP and/or Windows Server 2003, apply the BlueKeep patch today!

Posted by John Emmitt
John Emmitt has more than 15 years of high technology marketing experience, including more than 10 years in the IT Management software market. John was the manager of the enterprise product marketing team at Flexera, an IT management software and SaaS company serving the Global 2000. At Kaseya, John focuses on marketing our core IT Management products to mid-market enterprises. John holds BSEE and MSCS degrees.
Shield Icon Cyber Security, Digital Data Network Protection, Future Technology Digital Data Network Connection Background Concept.

3 Vulnerabilities to Plug to Secure Your Customers’ Remote Workforce

The migration to a remote workforce hit fast forward in the past year as businesses around the world asked employeesRead More

The Role of Endpoint Management Tools in IT Security

IT security has been the top priority of IT teams for the past several years. According to the 2020 StateRead More

Two security experts reviewing data

Cybersecurity is Crucial: Things You Must Know From the Latest Federal Hack

Endpoint security is highly critical for an organization, as a single vulnerable endpoint can act as a doorway for cybercriminalsRead More

Cybersecurity Warnings

Pay Attention to Cybersecurity Warnings

It is becoming increasingly challenging to keep up with emerging cyber threats that are even more dangerous and destructive thanRead More

Download Your Copy of the 2021 IT OPs Survey Results
2021 MSP Benchmark Survey - Download Now

Archives

Categories