NSA joins chorus urging Windows users to patch ‘BlueKeep’

The United States’ National Security Agency (NSA) has issued a rare alert urging Windows users and administrators to waste no time in patching the critical ‘BlueKeep’ security flaw in older Windows systems.

“This is the type of vulnerability that malicious cyber actors frequently exploit through the use of software code that specifically targets the vulnerability,” reads the NSA’s advisory.

It also specifically highlights BlueKeep’s ‘wormable’ nature and draws parallels between some major malware outbreaks in the past and the possible scenario now: “We have seen devastating computer worms inflict damage on unpatched systems with wide-ranging impact, and are seeking to motivate increased protections against this flaw”.

As we also wrote in our recent article about the vulnerability, future exploits might use the flaw to propagate malware within or outside of networks in similar fashion to how, for instance, WannaCryptor, also known as WannaCry, spread a little more than two years ago.

Tracked as CVE-2019-0708, BlueKeep is a Remote Code Execution (RCE) vulnerability in Remote Desktop Services of some older versions of Windows: Windows 7, Windows Server 2008 R2, Windows Server 2008, as well as out-of-support Windows XP and and Windows Server 2003.

Microsoft rolled out the patches for BlueKeep, along with the first patch-now alert, on Patch Tuesday on May 14. Late last month, the company issued a rare second warning, calling on the owners of affected systems to install the fix as soon as possible.

At around the same time, an internet scanning effort found more than 923,000 vulnerable machines. Worryingly, it also found that the patching of the flaw was moving at a glacial pace, leaving a vast swathe of systems ripe for exploitation. There have also been reports that at least two organizations had spotted anomalous scans for Windows systems vulnerable to BlueKeep.

Meanwhile, several researchers have been able to create working proof-of-concept exploits for BlueKeep. Worries abound that sooner or later somebody will publish or use a working exploit in the wild. The extent of the damage that may then follow is anybody’s guess.

6 Jun 2019 – 06:00PM