NSA Issues Warning to Patch Legacy Windows Systems Over ‘Wormable’ Threat

Andrey Suslov/Shutterstock.com

Featured eBooks

The Government's Artificial Intelligence Reality
What’s Next for Federal Customer Experience
Cloud Smarter

The National Security Agency is warning Microsoft Windows administrators to patch and update systems due to a new vulnerability called “BlueKeep.”

The National Security Agency issued a cybersecurity advisory Wednesday urging Microsoft Windows users to patch a potentially devastating security flaw called known as BlueKeep.

The NSA advisory says despite public warnings and patches releases by developer Microsoft on May 14, “Potentially millions of machines are still vulnerable” to BlueKeep, with legacy platforms including Windows 7, Windows XP and Server 2003 and 2008 all affected.

NSA warns the exploit is “potentially ‘wormable,’” meaning it could spread without user interaction across the internet, akin to past self-spreading exploits like WannaCry, which affected 300,000 machines globally in 2017.

“We have seen devastating computer worms inflict damage on unpatched systems with wide-ranging impact, and are seeking to motivate increased protections against this flaw,” the NSA advisory states. “It is likely only a matter of time before remote exploitation code is widely available for this vulnerability. NSA is concerned that malicious cyber actors will use the vulnerability in ransomware and exploit kits containing other known exploits, increasing capabilities against other unpatched systems.”

The Cybersecurity and Infrastructure Agency, which is responsible for overseeing the nation’s critical infrastructure, also issued its own advisory Tuesday to amplify the BlueKeep warning.

While organizations patch their software, NSA recommends additional measures be taken, including:

  • Block TCP Port 3389 at your firewalls, especially any perimeter firewalls exposed to the internet. This port is used in RDP protocol and will block attempts to establish a connection.
  • Enable Network Level Authentication. This security improvement requires attackers to have valid credentials to perform remote code authentication.
  • Disable remote Desktop Services if they are not required. Disabling unused and unneeded services helps reduce exposure to security vulnerabilities overall and is a best practice even without the BlueKeep threat.