Critical Update From The NSA
We reported earlier that if you are still using Windows Server 2003 or XP, Windows 7, Windows 2008 R2, or Windows 2008 you could be in trouble. A wormable virus may be coming your way. The virus is designated as CVE-2019-0708.
The NSA Is Urging To Patch Remote Desktop Services On Legacy Versions of Windows
The National Security Agency is urging Microsoft Windows administrators and users to ensure they are using a patched and updated system in the face of growing threats. Recent warnings by Microsoft stressed the importance of installing patches to address a vulnerability in older versions of Windows.
Microsoft has warned that this flaw is potentially “wormable,” meaning it could spread without user interaction across the Internet. We have seen devastating computer worms inflict damage on unpatched systems with wide-ranging impact, and are seeking to motivate increased protections against this flaw.
CVE-2019-0708, dubbed “BlueKeep,” is a vulnerability in Remote Desktop Services (RDS) on legacy versions of the Windows® operating system. The following versions of Windows® are affected:
- Windows® XP
- Windows Server® 2003
- Windows® Vista
- Windows Server® 2008
- Windows® 7
- Windows Server® 2008 R2
What Is A Wormable Virus?
This means that the virus can get into your system without you even clicking a malicious link. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights without your knowledge.
Any future malware that uses this vulnerability could propagate from one vulnerable computer to another. This is how similar malware like WannaCry spread around the world. Experts are worried that this flaw could be used to fuel a fast-moving malware threat like the WannaCry ransomware attacks of 2017.
Although Microsoft has issued a patch, potentially millions of machines are still vulnerable. This is the type of vulnerability that malicious cyber actors frequently exploit through the use of software code that specifically targets the vulnerability.
For example, the vulnerability could be exploited to conduct denial of service attacks. It is likely only a matter of time before remote exploitation tools are widely available for this vulnerability.
The NSA is concerned that malicious cyber actors will use the vulnerability in ransomware and exploit kits containing other known exploits, increasing capabilities against other unpatched systems.
What Should You Do?
Microsoft has released a critical update for their Remote Desktop Services that impacts multiple Windows versions. The patches are for devices and systems that are both in and out-of-support, which is rare for Microsoft to do. This shows the importance of these patches.
The update addresses the vulnerability by correcting how Remote Desktop Services handles connection requests. To apply the patches, go to the Microsoft Security Update Guide for in-support systems and KB4500705 for out-of-support systems.
Microsoft recommends that customers running one of these operating systems download and install the update as soon as possible.
Does This Mean Even Systems Without Support Can Get The Patch?
Yes, Microsoft is aware that some customers are running versions of Windows that no longer receive mainstream support. This means that you wouldn’t have received any security updates to protect your systems from the CVE-2019-0708 virus.
Given the potential impact to customers and their businesses, Microsoft decided to make security updates available for platforms that are no longer in mainstream support. All Windows updates are available from the Microsoft Update Catalog.
What Should You Do Before We Apply The Update?
It’s recommended that you back up all of your important data first. If you have a reliable backup, and if the patch creates problems, you can still access your data. You should do this before you install any patches.
What If You Can’t Apply The Patches?
If you can’t apply the patch for your system there are other things that you can do:
- If you don’t need the Remote Desktop Services, you can disable it.
- Block the TCP port 3389 (this prevents unauthorized requests from the Internet).
- Enable NLA (Network Level Authentication) for Windows 7 and Windows Server 2008.
Of course, the best thing to do is to contact us. We’ll know exactly what to do.
What Else Should You Know?
If you had updated from Windows 7 to Windows 10 or from Windows servers 2008/2008 R2 to Windows 2016 or 2019, you wouldn’t need to worry. This is why it’s essential to keep your systems up to date.
Soon, on January 14, 2020, support will come to an end for all Windows Server 2008, 2008 R2 equipment and the Windows 7 operating system.
If you’re still using these servers or operating system, it’s crucial to replace them now so that there’s no disruption to your daily operations or loss of data.
Any hardware or software product that reaches its end of life is a potential gateway for hackers to enter through. In addition to the security hazard, there are other reasons why it isn’t a good idea to keep using old equipment such as unresolvable outages.
Where Can You Get Help?
If you run a business, you can’t take any chances. Contact us to ensure your hardware and software are secure and protected from unauthorized intrusions.