CATEGORIES
home News

Homeland Security Joins NSA In Urging Windows Users To Patch BlueKeep Worm Vulnerability ASAP

by Brandon HillTuesday, June 18, 2019, 10:39 AM EDT

Earlier this month, the National Security Agency (NSA) issued a warning to Windows users -- especially businesses running older versions of Windows -- to patch their systems against the BlueKeep wormable exploit. At the time, the NSA wrote, "NSA is concerned that malicious cyber actors will use the vulnerability in ransomware and exploit kits containing other known exploits, increasing capabilities against other unpatched systems."

Microsoft

Now the Cybersecurity and Infrastructure Security Agency (CISA) – the cybersecurity wing of the Department of Homeland Security -- is issuing its own warning about BlueKeep and the danger it poses to unpatched Windows systems. As we've previously reported, BlueKeep takes advantage of a vulnerability in the Remote Desktop Protocol (RDP) which allow an attacker to send malformed packets to a system to perform remote code execution.

According to CISA, it worked with outside partners to demonstrate that it's possible to run remote code on Windows 2000 systems with BlueKeep. However, considering that Windows 2000 is two decades old at this point, it shouldn't be too surprising that internet-facing machines running this OS would be susceptible to such a wormable exploit. Operating systems of similar vintage, including Windows XP, are also vulnerable without a patch (which you can download directly from Microsoft).

As a wormable exploit, the attacker only needs access to one system on a network, and is then able to propagate quickly throughout the network to other PCs further spreading the infection.

"CISA encourages users and administrators review the Microsoft Security Advisory and the Microsoft Customer Guidance for CVE-2019-0708 and apply the appropriate mitigation measures as soon as possible," CISA writes in its alert.

Although Microsoft hasn't released patches for Windows 2000 given its age, it has done so for Windows Vista, Windows XP, and Windows Server 2003. If you're still running Windows 2000, now might be a time to seek newer alternatives (a la Windows 10).

Tags:  Microsoft, Worm, (nasdsq:msft), bluekeep, homeland-security, cisa
TOP CONVERSATIONS
Your Next PC Platform?
More Results
KEEP INFORMED
SITE

Home

Reviews

News

Blogs

Full Site

Sitemap

CATEGORIES

PC Components

Systems

Mobile

IT Infrastructure

Leisure

Videos

COMPANY

About

Advertise

News Tips

Contact

Privacy And Terms

HotTech

MORE

Accessibility

Shop

STAY CONNECTED

Twitter

Facebook

YouTube

RSS

As an Amazon and Howl Technologies Associate, HotHardware earns a commission from qualifying purchases made on this site. This site is intended for informational and entertainment purposes only. The contents are the views and opinion of the author and/or his associates. All products and trademarks are the property of their respective owners. Reproduction in whole or in part, in any form or medium, without express written permission of Hot Hardware, Inc. is prohibited. All content and graphical elements are Copyright © 1999 - 2024 David Altavilla and Hot Hardware, Inc.
All rights reserved. Privacy and Terms - Accessibility Commitment