BlueKeep: NSA Warns Windows Users To Update And Upgrade

The National Security Agency (NSA) has issued a rare advisory in which it warned of the risk associated with the ‘BlueKeep’ threat facing users of legacy Windows systems.

Indeed, the threat is deemed to be so serious that Microsoft last month released the BlueKeep patch for out-of-support systems, including Windows XP and Windows 2003.

And earlier this week micro-patching service 0patch released a fix for the “BlueKeep” flaw aimed at always-on systems that for one reason or another cannot be rebooted, or cannot apply Microsoft patches.

Microsoft patch

Microsoft said at the time of its patch that the bug was so bad that it could lead to a massive global computer virus outbreak like the WannaCry malware, so it issued a rare patch for both XP and Windows 2003.

Windows XP launched way back in 2001, and Microsoft ended its official support for XP back in April 2014.

In-support systems including Windows 7, Windows Server 2008 R2 and Windows Server 2008 are also affected, but Windows 8 and Windows 10 are not.

The issue, tracked as CVE-2019-0708, affects Remote Desktop Services.

It bypasses authentication steps and does not require user interaction, meaning it could be exploited to create a “worm” that spreads automatically from one vulnerable system to another.

That makes it similar to the EternalBlue exploit believed to have been originally discovered by the NSA, and which was used in the WannaCry, NotPetya and Bad Rabbit malware outbreaks.

The exploit was also reportedly used by ransomware that targeted the city of Baltimore last month, hobbling the city’s public services for weeks.

Since Microsoft’s alert, several third-party security researchers have said they have developed working exploits for BlueKeep.

NSA warning

Into this has stepped the top secret US intelligence service, the NSA.

It warned in its advisory that legacy versions of Windows were at serious risk.

“The National Security Agency is urging Microsoft Windows administrators and users to ensure they are using a patched and updated system in the face of growing threats,” it said. “Recent warnings by Microsoft stressed the importance of installing patches to address a protocol vulnerability in older versions of Windows. Microsoft has warned that this flaw is potentially “wormable,” meaning it could spread without user interaction across the internet.”

It said that despite Microsoft’s patch for CVE-2019-0708, potentially millions of machines are still vulnerable.

“This is the type of vulnerability that malicious cyber actors frequently exploit through the use of software code that specifically targets the vulnerability,” the NSA said. “For example, the vulnerability could be exploited to conduct denial of service attacks.

“It is likely only a matter of time before remote exploitation code is widely available for this vulnerability,” it said. “NSA is concerned that malicious cyber actors will use the vulnerability in ransomware and exploit kits containing other known exploits, increasing capabilities against other unpatched systems.”

Update now

Security experts were quick to point out that the problem stems from people not upgrading to more modern operating systems.

“It’s shocking to think that some people and businesses are still not using the most up to date software or operating systems after everything we hear about and multiple cyber attacks,” said Jake Moore, Cyber Security specialist from ESET.

“Patching the operating system isn’t as inconvenient as people may think which is possibly the main reason that some don’t do it,” said Moore. “Microsoft has made it very easy to update, and they shouldn’t be taken lightly. We need to change the attitude of some who miss a few updates to consolidate those updates in the ‘next one.’”

“Furthermore, up to date antivirus is just as important,” Moore added. “However, it becomes insignificant without an up to date OS.”

“Although this particular vulnerability is directed at Windows, iOS users need to remember that they too need antivirus and remember to keep up to date,” he warned. “Far too often, I still hear from Apple users that they don’t require computer protection. This myth has been debunked many times in recent years, and they need to act fast.”

Tom Jowitt
