NSA Issues Advisory for BlueKeep Vulnerability

Published: 23/11/2024   Category: security




The National Security Agency joins Microsoft in urging Windows admins to patch wormable bug CVE-2019-0708.



The National Security Agency has issued a release and advisory pushing Microsoft Windows administrators to patch BlueKeep (CVE-2019-0708), a critical remote code execution bug in Remote Desktop Services (RDS) on supported and unsupported versions of Windows.
BlueKeep affects Windows 7, Server 2008, Server 2008 R2, Vista, XP, and Server 2003. When it patched the vulnerability earlier this month, Microsoft also released fixes for out-of-support versions of Windows. In a blog post published this week, company officials said they are confident an exploit exists for the bug; research shows 1 million devices are still vulnerable.
NSA officials echo Microsoft's concern that BlueKeep could be wormable if exploited. The vulnerability is pre-authentication, requires no user interaction, and can spread across machines in the same way WannaCry did when it caused global damage back in 2017.
"It is likely only a matter of time before remote exploitation code is widely available for this vulnerability," NSA officials wrote in a news release. "NSA is concerned that malicious cyber actors will use the vulnerability in ransomware and exploit kits containing other known exploits, increasing capabilities against other unpatched systems."
In its advisory, the NSA provides additional measures businesses can take as they patch and upgrade larger networks. Officials suggest blocking TCP port 3389 at the firewall; this port is used by RDP, and blocking it prevents attempts to establish a connection. They also advise enabling Network Level Authentication (NLA), which will require attackers to authenticate to RDS to exploit BlueKeep. Finally, they recommend disabling RDS if it's not required for employees.
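The interim mitigations above can be checked per host with a short audit script. This is an added example, not code from the NSA advisory or the original article; the function names are hypothetical, and it assumes the standard Terminal Services registry values, with a value set by Group Policy overriding the local one.

```powershell
# Added example (not from the advisory): audit the interim mitigations on this host.
$TsKey     = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$TcpKey    = "$TsKey\WinStations\RDP-Tcp"
# Values under the policy key are written by Group Policy and override local ones.
$PolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'

function Get-RegValue($Path, $Name) {
    # Returns $null when the key or the value does not exist.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($item) { $item.$Name } else { $null }
}

function Get-EffectiveValue($Name, $LocalPath) {
    $policy = Get-RegValue $PolicyKey $Name
    if ($null -ne $policy) { $policy } else { Get-RegValue $LocalPath $Name }
}

function Get-RdpExposure {
    $deny = Get-EffectiveValue 'fDenyTSConnections' $TsKey   # 1 = connections refused
    $nla  = Get-EffectiveValue 'UserAuthentication' $TcpKey  # 1 = NLA required
    $port = Get-RegValue $TcpKey 'PortNumber'
    if ($null -eq $port) { $port = 3389 }                    # RDP default
    $svc    = Get-Service -Name TermService -ErrorAction SilentlyContinue
    $status = 'NotFound'
    if ($svc) { $status = "$($svc.Status)" }

    # A missing fDenyTSConnections value is treated as "enabled" to fail safe.
    $rdpEnabled = ($deny -ne 1)
    $findings = @()
    if ($rdpEnabled) {
        $findings += "RDP is enabled: disable it if not required; block TCP $port at the firewall"
        if ($nla -ne 1) {
            $findings += 'NLA is not required: enable Network Level Authentication'
        }
    }
    New-Object PSObject -Property @{
        Computer      = $env:COMPUTERNAME
        RdpEnabled    = $rdpEnabled
        NlaRequired   = ($nla -eq 1)
        ListenerPort  = $port
        ServiceStatus = $status
        Findings      = $findings
    }
}

Get-RdpExposure | Format-List
```

The script reports only the interim mitigations; it does not check whether the CVE-2019-0708 patch is installed.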
Read the full NSA advisory here.
