NSA Urges Legacy Windows Users to Patch BlueKeep Vulnerability

Security
Bluekeep patch vulnerability

The National Security Agency (NSA) has jumped into the fray recently with an advisory urging Microsoft Windows administrators and users to patch older versions of Windows. This is in the face of a large potential threat from the BlueKeep vulnerability (CVE-2019-0708). This vulnerability is in the Remote Desktop Protocol (RDP). It affects Windows XP, Windows 7, Windows Server 2003 and 2008.

Microsoft has taken the unusual step of providing a patch for the Windows XP and Windows Server 2003 operating systems, both of which have long been end of life (EOL), and hence are unsupported. The BlueKeep vulnerability is said to be ‘wormable’, meaning it could spread without user interaction across the internet.

As per the Microsoft advisory, “This vulnerability is pre-authentication and requires no user interaction. An attacker who successfully exploited this vulnerability could execute arbitrary code on the target system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.”

BlueKeep has been touted as potentially being on the same scale as WannaCry ransomware attack which was reported to have infected more than 230,000 computers in over 150 countries.

Kaseya’s VSA endpoint and network management solution can be used to apply the Windows XP and Windows Server 2003 patches. Automation scripts for these are available in our Automation Exchange from partners such as Upstream (part of their Power Pack and also available here).

Note that CVE-2019-0708 does not affect the latest versions of Microsoft’s operating systems— Windows 10, Windows 8.1, Windows 8, Windows Server 2019, Windows Server 2016, Windows Server 2012 R2, or Windows Server 2012.

However, if you are a user of the legacy Microsoft Windows OS—Windows XP and/or Windows Server 2003, apply the BlueKeep patch today!

Posted by John Emmitt
John Emmitt has more than 15 years of high technology marketing experience, including more than 10 years in the IT Management software market. John was the manager of the enterprise product marketing team at Flexera, an IT management software and SaaS company serving the Global 2000. At Kaseya, John focuses on marketing our core IT Management products to mid-market enterprises. John holds BSEE and MSCS degrees.
Laptop with Windows 8 on screen

It’s Time to Get Started on Windows 7 End of Life Migrations

This January, Microsoft will discontinue all support for Windows 7 and Windows Server 2008, including any type of security patches.Read More

Zero Gravity in Office

Secure Your World – Right the Upside Down

The IT Upside Down can be a terrifying place to be in. Dealing with Demogorgon-sized security breaches and Mind Flayer layeredRead More

How MSPs can use Integrated Cybersecurity Solutions to Grow Profits

Back in the early days of managed cybersecurity services, MSPs only needed to offer things like endpoint protection and firewallRead More

Young Asian male frustrated by ransomware cyber attack

Lake City Sacks IT Director Over Ransomware Attack

As the saying goes, when nightmares come true, only then are people truly awake and take notice.   As per aRead More

Connect IT Asia-Pacific - Don't Miss the Premier IT Management Event of the Year - Join Us in Sydney 1-3 October 2019 - Register Now

Archives

Categories