"This is the type of vulnerability that malicious cyber actors frequently exploit through the use of software code that specifically targets the vulnerability," writes the NSA. "NSA is concerned that malicious cyber actors will use the vulnerability in ransomware and exploit kits containing other known exploits, increasing capabilities against other unpatched systems."
The NSA goes on to warn that this wormable exploit could likely be used in DDoS attacks and that it likely won't be long before the proof-of-concept code is actually made into a fully-functional WannaCry-style exploit that could wreak havoc on Windows systems across the globe. This is something that Microsoft also warned about last month.
"It is possible that we won’t see this vulnerability incorporated into malware," said Microsoft in May. "But that’s not the way to bet."
The NSA has provided the following guidelines to protect against BlueKeep in addition to installing the patch which has been provided by Microsoft:
- Block TCP port 3389 at your firewalls, especially any perimeter firewalls exposed to the internet. This is the port used by the RDP protocol; blocking it stops attempts to establish a connection.
- Enable Network Level Authentication. This security improvement requires attackers to have valid credentials before they can attempt remote code execution.
- Disable Remote Desktop Services if they are not required. Disabling unused and unneeded services helps reduce exposure to security vulnerabilities overall and is a best practice even without the BlueKeep threat.
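The three mitigations above can be audited on a single host with a script like the following, an added example that is not from the article or the NSA advisory. It assumes an elevated PowerShell session on Windows 7 / Server 2008 R2 or later; the firewall rule name is a value constructed for this script.

```powershell
# Added example: audit a host against the NSA's BlueKeep mitigations and,
# with -Remediate, apply them. -DisableRds additionally turns off Remote
# Desktop Services (only on hosts where RDP is genuinely not needed).
# Registry paths and the TermService name are the standard Windows ones.
param([switch]$Remediate, [switch]$DisableRds)

$TsKey    = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$NlaKey   = "$TsKey\WinStations\RDP-Tcp"
$RuleName = 'Block-Inbound-RDP-3389-BlueKeep'   # constructed rule name

function Test-RdpPortBlocked {
    # netsh exits non-zero when no rule with this name exists.
    netsh advfirewall firewall show rule name="$RuleName" | Out-Null
    return ($LASTEXITCODE -eq 0)
}
function Test-NlaEnabled {
    # UserAuthentication=1 means Network Level Authentication is required.
    return ((Get-ItemProperty $NlaKey).UserAuthentication -eq 1)
}
function Test-RdsDisabled {
    # fDenyTSConnections=1 refuses RDP connections; TermService set to Disabled.
    $deny = (Get-ItemProperty $TsKey).fDenyTSConnections -eq 1
    $svc  = Get-WmiObject Win32_Service -Filter "Name='TermService'"
    return ($deny -and $svc.StartMode -eq 'Disabled')
}

$checks = @(
    @{ Name = 'TCP 3389 blocked at host firewall'; Test = { Test-RdpPortBlocked }
       Fix  = { netsh advfirewall firewall add rule name="$RuleName" dir=in action=block protocol=TCP localport=3389 | Out-Null } },
    @{ Name = 'Network Level Authentication enabled'; Test = { Test-NlaEnabled }
       Fix  = { Set-ItemProperty $NlaKey -Name UserAuthentication -Value 1 -Type DWord } },
    @{ Name = 'Remote Desktop Services disabled'; Test = { Test-RdsDisabled }
       Fix  = {
           if (-not $DisableRds) { Write-Warning 'RDS left enabled; pass -DisableRds to turn it off'; return }
           Set-ItemProperty $TsKey -Name fDenyTSConnections -Value 1 -Type DWord
           Set-Service TermService -StartupType Disabled   # takes effect at next restart
       } }
)

foreach ($c in $checks) {
    $ok = & $c.Test
    if (-not $ok -and $Remediate) { & $c.Fix; $ok = & $c.Test }
    $state = if ($ok) { 'PASS' } else { 'FAIL' }
    Write-Output ("[{0}] {1}" -f $state, $c.Name)
}
```

Run without switches for a report only; the host firewall rule is a defence-in-depth complement to the perimeter block the NSA describes, not a replacement for it.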
BlueKeep, whose official designation is CVE-2019-0708, currently affects the following Microsoft operating systems: Windows XP, Windows 7, Windows Server, Windows Server 2008 R2, and Windows Server 2008. Microsoft has made patches available for all of these operating systems, including the decrepit Windows XP.