[ad_1]
It has been about three weeks since Microsoft asked Windows users to fix their systems against the BlueKeep vulnerability (CVE-2019-0708). Concerned by the fact that few people were aware of it, the company then issued another warning stressing the importance of installing a fix.
Now, the NSA is involved, joining Microsoft to implore users to secure their Windows XP and Windows 7 computers. The agency "fears that malicious cyber-actors are using the vulnerability contained in ransomware and kits exploits containing other known exploits, thus increasing the capabilities compared to other systems not updated ".
See also:
Microsoft and the NSA both warn that the exploit is "deworming" and wish to avoid a repeat of the WannaCry worm that has affected systems around the world in 2017. The NSA's warning asks users to " correct remote desktop services over existing versions of Windows "- especially Windows 7, Windows XP, Server 2003 and 2008.
The agency echoes the concerns of the Windows manufacturer, saying that "although Microsoft has released a fix, millions of machines are potentially vulnerable."
It continues:
This is the type of vulnerability that malicious cyber criminals frequently exploit through the use of software code that specifically targets this vulnerability. For example, the vulnerability could be exploited to conduct denial of service attacks. It is probably only a matter of time before the remote operating code is widely available for this vulnerability. The NSA fears that malicious cyber-actors will use the vulnerability contained in a ransomware and exploit kits containing other known exploits, thus increasing the capabilities compared to other uncorrected systems.
The NSA encourages everyone to invest the time and resources needed to know your network and run the supported operating systems with the latest patches. Please refer to our opinion for more information. This is essential not only for the NSA's protection of national security systems, but for all networks.
In its security advisory, the NSA also provides tips that users can follow to secure their systems:
- Block TCP port 3389 on your firewalls, especially perimeter firewalls on the Internet. This port is used in the RDP protocol and will block attempts to establish a connection.
- Enable authentication at the network level. This enhancement of security requires that attackers have valid credentials to perform remote code authentication.
- Disable Remote Desktop Services if they are not required. Disabling unused and unnecessary services reduces the overall exposure to security vulnerabilities and is a recommended practice even in the absence of the BlueKeep threat.
[ad_2]
Source link