After nearly three weeks of Microsoft urging Windows users to patch their systems, the National Security Agency (NSA) has issued a rare advisory, warning users to update their systems to protect against BlueKeep. According to Bleeping Computer, BlueKeep has the ability to infect users as quick as the EternalBlue exploit kit that has infected users with the WannaCry ransomware.
The BlueKeep vulnerability exists in Remote Desktop Services (RDP) and, like its predecessor, impacts older versions of Windows; including Windows 7, Windows XP, Server 2003, Server 2008, and Server 2008 R2. Setting the scene for a WannaCry-like attack, BlueKeep is wormable, meaning it can self-propagate from machine to machine without any human interaction.
While Windows XP and Windows 2003 are at end-of-life and no longer supported by Microsoft, BlueKeep is posing a big enough threat that the company took the unusual step of deploying patches to the software. Although the patches were issued in May, Microsoft believes that about a million internet-facing computers and servers are still unprotected.
Sean Dillon, an American researcher and software engineer, who goes by the Twitter handle “Zerosum0x0” created a proof-of-concept Metasploit module for the BlueKeep vulnerability, which successfully shows how to achieve complete takeover of a targeted Windows machine. Fortunately, Dillon plans to keep the module private, given the danger that a working exploit could pose to the general public.
On Wednesday, June 5th, the NSA issued a rare advisory, strongly encouraging individuals to patch their systems.
“NSA urges everyone to invest the time and resources to know your network and run supported operating systems with the latest patches,” said the agency’s advisory.
While it’s certainly rare for the NSA to intervene in matters concerning cybersecurity, one might see this as a proactive move on the NSA’s part to avoid another public relations disaster after the agency was left embarrassed two years ago from the theft of highly classified hacking tools, including EternalBlue. On the optimistic side of things, we hope the NSA is trying to warn users to prevent massive damage if an exploit is used or published.
“It’s likely only a matter of time before remote exploitation code is widely available for this vulnerability,” the NSA said in its advisory. “NSA is concerned that malicious cyber-actors will use the vulnerability in ransomware and exploit kits containing other known exploits, increasing capabilities against other unpatched systems.”
Patch Your Vulnerable Machines
Although Windows 8 and Windows 10 are not vulnerable to BlueKeep, it’s always a good practice to keep your systems up to date with the latest patches. As Microsoft said in their advisory, it only takes one vulnerable computer connected to the internet to provide a potential gateway into corporate networks, where advanced malware could spread, infecting computers across the enterprise.
“This scenario could be even worse for those who have not kept their internal systems updated with the latest fixes, as any future malware may also attempt further exploitation of vulnerabilities that have already been fixed,” Microsoft warned.
Photo courtesy of webfavourites.com