NPC Security Alerts
Microsoft and NSA Urge Action to Patch for Critical BlueKeep Vulnerability

June 13, 2019


Note to NPC Clients: All available security patches for your NPC systems are applied as they become available. As always, we are monitoring the patch status of your system and are confident our layers of security will leave you unaffected by this vulnerability. If you have other non-NPC systems on Windows 7 or older this alert will be of concern to you.


What's the issue?

Microsoft has published a Security Vulnerability named BlueKeep that entails a Remote Desktop Services Remote Code Execution Vulnerability on older Windows® systems. This type of vulnerability can facilitate the rapid spread of an infection between connected computers, so one bad click from one person on an unpatched system can bring down an entire office. The vulnerability is listed as critical and since the initial announcement from Microsoft, the U.S. National Security Agency (NSA) has also published a Cybersecurity Advisory to inform and encourage action be taken to prevent exploitation of the vulnerability.

BlueKeep is a potential danger to older Windows® system including Windows® 7, Windows® Vista, Windows® XP, Windows Server® 2003, Windows Server® 2008, and Windows Server® 2008 R2. For all these affected systems Microsoft has released a patch in the latest update even for the out-of-support systems, which is a rare move by the company. Windows® 8 and Windows® 10 systems do not have this vulnerability.

According to Microsoft, the vulnerability is a remote code execution when "pre-authentication is possible without user interaction" on affected systems. Thus, it potentially leads to a wormable threat, in which a virus can easily spread from one vulnerable computer to another vulnerable computer. The results can be devastating, as there are approximately 35.9% of Windows® systems worldwide at risk according to GlobalStats.

Although there are no known threats exploiting the vulnerability, both Microsoft and NSA believe that there is a high likelihood that cybercriminals will. "NSA is concerned that malicious cyber actors will use the vulnerability in ransomware and exploit kits containing other known exploits, increasing capabilities against other unpatched systems," they explain in their Cybsersecurity Advisory.


What should I do?

Microsoft and NSA are both urging Windows® administrators and users ensure that they have the latest patch for BlueKeep (CVE-2019-0708 ) on affected systems. To address CVE-2019-0708 immediately apply the following patches for each respective affected version of the Windows® operating system:

Affected Version Patch
Windows® XP / Windows® Server 2003 Security Patch KB4500331
Windows® Vista / Windows® Server 2008 Security Patch KB4499180 OR Monthly Rollup KB4499149
Windows® 7 / Windows® Server 2008 R2 Security Patch KB4499175 OR Monthly Rollup KB4499164

Microsoft has also suggested these additional measures to ensure prevention of malicious threat:

  • Block TCP Port 3389 at your firewalls, especially any perimeter firewalls exposed to the internet
  • Enable Network Level Authentication
  • Disable remote Desktop Services if they are not required


Sources:

Microsoft Security Update Guide - CVE-2019-0708 | Remote Desktop Services Remote Code Execution Vulnerability

Microsoft TechNet - Prevent a worm by updating Remote Desktop Services (CVE-2019-0708)

National Security Agency Cybersecurity Advisory - Patch Remote Desktop Services on Legacy Versions of Windows®

GlobalStats - Desktop Windows Version Market Share Worldwide - May 2019


NPC Security Alerts

Receive our NPC Security Alerts email to stay on top of the most important security threats to your devices, data, and your privacy. We do not use this list for any other purpose.

Sign up now