Dive Brief:
- Microsoft is "confident" an exploit exists for CVE-2019-0708, or BlueKeep, a vulnerability in the Remote Desktop Protocol of older versions of Windows, according to a security blog post last week.
- The flaw is wormable, allowing for propagation similar to 2017's WannaCry. Proof of concept code for the vulnerability is available online, which makes heeding Microsoft's warning time-sensitive.
- The National Security Agency (NSA) issued a cybersecurity advisory regarding BlueKeep on Tuesday. The NSA warns hackers could leverage the vulnerability for a denial of service attack, and advises companies to block TCP port 3389 at their firewalls, enable Network Level Authentication (NLA) and disable Remote Desktop Services where they aren't required.
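The three NSA recommendations above map to concrete host settings. The following PowerShell script is an added example, not code from CIO Dive, Microsoft or the NSA: it audits the current state of NLA, Remote Desktop and the host firewall on a Windows machine, and, when run with `-Apply`, enforces the mitigations. It assumes an elevated session; the registry paths are the standard Terminal Server settings, the firewall rule name is our own choice, and the `netsh` fallback exists for Windows 7 / Server 2008 hosts that lack the `NetSecurity` cmdlets. Blocking 3389 at the host is a complement to, not a replacement for, the perimeter firewall rule the NSA describes.

```powershell
# Added example (not from the article or the NSA advisory): audit and apply the
# three BlueKeep mitigations. Run elevated. Without -Apply it only reports.
param(
    [switch]$Apply,
    [switch]$DisableRemoteDesktop   # set only on hosts where RDP is not required
)

$tsKey    = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdpTcp   = Join-Path $tsKey 'WinStations\RDP-Tcp'
$ruleName = 'Block inbound RDP TCP 3389 (BlueKeep mitigation)'   # assumed rule name
$hasNetSec = [bool](Get-Command Get-NetFirewallRule -ErrorAction SilentlyContinue)

function Test-Port3389Blocked {
    if ($hasNetSec) {
        return [bool](Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue)
    }
    # Windows 7 / Server 2008 fallback; matches the "Rule Name:" line of English netsh output
    $out = netsh advfirewall firewall show rule name="$ruleName" 2>$null
    return [bool]($out -match 'Rule Name')
}

function Get-BlueKeepPosture {
    # UserAuthentication: 1 = NLA required, 0 = unauthenticated RDP session setup allowed
    $nla  = (Get-ItemProperty -Path $rdpTcp -Name UserAuthentication -ErrorAction SilentlyContinue).UserAuthentication
    # fDenyTSConnections: 1 = Remote Desktop connections denied, 0 = allowed
    $deny = (Get-ItemProperty -Path $tsKey -Name fDenyTSConnections -ErrorAction SilentlyContinue).fDenyTSConnections
    [pscustomobject]@{
        ComputerName         = $env:COMPUTERNAME
        NetworkLevelAuth     = ($nla -eq 1)
        RemoteDesktopEnabled = ($deny -ne 1)
        Port3389Blocked      = (Test-Port3389Blocked)
    }
}

function Set-BlueKeepMitigations {
    # NSA item: enable Network Level Authentication
    Set-ItemProperty -Path $rdpTcp -Name UserAuthentication -Value 1 -Type DWord

    # NSA item: block TCP 3389 inbound (here at the host firewall; do the same at the perimeter)
    if (-not (Test-Port3389Blocked)) {
        if ($hasNetSec) {
            New-NetFirewallRule -DisplayName $ruleName -Direction Inbound -Protocol TCP `
                -LocalPort 3389 -Action Block -Profile Any | Out-Null
        } else {
            netsh advfirewall firewall add rule name="$ruleName" dir=in action=block `
                protocol=TCP localport=3389 | Out-Null
        }
    }

    # NSA item: disable Remote Desktop Services where they are not required
    if ($DisableRemoteDesktop) {
        Set-ItemProperty -Path $tsKey -Name fDenyTSConnections -Value 1 -Type DWord
        Stop-Service -Name TermService -Force -ErrorAction SilentlyContinue
        Set-Service  -Name TermService -StartupType Disabled
    }
}

Write-Output 'Posture before:'
Get-BlueKeepPosture | Format-List
if ($Apply) {
    Set-BlueKeepMitigations
    Write-Output 'Posture after:'
    Get-BlueKeepPosture | Format-List
}
```

Usage: `.\Invoke-BlueKeepMitigation.ps1` reports only; `.\Invoke-BlueKeepMitigation.ps1 -Apply` enables NLA and adds the block rule; add `-DisableRemoteDesktop` only on hosts that do not need RDP, since it stops and disables the Remote Desktop service. The audit output is what you would collect across the "nearly 1 million" exposed hosts the article cites to decide which still need the patch itself; none of these settings replace installing Microsoft's update.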
Dive Insight:
Bad actors have a penchant for finding companies that neglect timely patching, and vendors can only do so much to protect customers.
Microsoft's update warning is specifically for Windows 2003, XP and Vista, all of which are so outdated they are unsupported. However, it also includes Windows 7 and Windows Server 2008, according to Microsoft.
"This is an all-hands-on-deck situation," Jonathan Cran, head of research at Kenna Security, told CIO Dive in an email. "Most organizations are still running systems affected by BlueKeep, especially [Windows Server] 2008. Not to mention the vast number of embedded systems that still run XP or 2003."
As of May 28, there are nearly 1 million devices on the internet that are susceptible to the exploit, according to Errata Security. "Hackers are likely to figure out a robust exploit in the next month or two and cause havoc with these machines," according to the report's author, researcher Robert Graham.
In May 2017 the WannaCry ransomware attack targeted computers running Windows 7, a popular operating system despite the rise of Windows 10. Microsoft had warned of updates months prior to the WannaCry cyberattack, and it's clear the company "seems to be driven by the experience of WannaCry," said Cran.
WannaCry was able to prevail because of a lack of operational discipline, where updates and patches weren't completed. This time around, Microsoft "went the extra step to backport the patch and loudly announce it in an unprecedented move" to limit the impact of a potential cyberattack, according to Cran.
Companies have had two years since WannaCry to reevaluate systems and set up regular patching governance. Microsoft has issued several announcements pertaining to the threat of an exploit, especially when it applies to largely legacy systems or to ones that could be upgraded.