Uh-Oh: NSA Urges Patching Microsoft Windows Vulnerability

June 19, 2019 Arctic Wolf Networks

Well, here’s something you don’t see every day: the National Security Agency (NSA) recently issued a news release urging Microsoft Windows administrators and users to ensure they are using a patched and updated system.

This is on the heels of Microsoft releasing fixes for a critical remote code execution vulnerability known as BlueKeep (CVE-2019-0708) that affects some older versions of Windows. According to Microsoft, the flaw is potentially “wormable,” meaning malware that exploits it could spread across the internet without any action on the part of the user, similar to how the WannaCry malware spread in 2017.

The NSA explains, “this is the type of vulnerability that malicious cyber actors frequently exploit through the use of software code that specifically targets the vulnerability. For example, the vulnerability could be exploited to conduct denial of service attacks. It is likely only a matter of time before remote exploitation code is widely available for this vulnerability.”

“NSA is concerned that malicious cyber actors will use the vulnerability in ransomware and exploit kits containing other known exploits, increasing capabilities against other unpatched systems.”

To say this is a rare warning is an understatement. A search for “patch” on the NSA’s news section only turns up this article. The NSA is not typically in the business of telling people to patch their computers. In fact, the NSA has a bit of a history of keeping vulnerabilities to itself and developing exploits to take advantage of what it found. That even the NSA is urging people to update their computers means not only that this exploit is troublesome, but that the agency may have insight into an imminent attack or may have accidentally let another exploit it developed slip into the wild.

What to Do Now

First, apply Microsoft’s patches from May 14th immediately. Then consider the specific recommendations provided by the NSA on how organizations can protect themselves against Remote Desktop Protocol (RDP) attacks:

  • Block TCP port 3389 at your firewalls, especially any perimeter firewalls exposed to the internet. RDP uses this port, so blocking it will stop attempts to establish a connection.
  • Enable network-level authentication. This security improvement requires attackers to have valid credentials to perform remote code execution.
  • Disable remote desktop services if they are not required. Disabling unused and unneeded services helps reduce exposure to security vulnerabilities overall and is a best practice even without the BlueKeep threat.
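
To check a single Windows host against the recommendations above, a read-only audit can be run from an elevated PowerShell prompt. This is an added example, not code from the NSA advisory or from Arctic Wolf; it assumes the standard Remote Desktop registry values and English-locale netstat output.

```powershell
# Added example: read-only audit of the local host against the RDP recommendations.
# Registry and service queries only, so it also runs on the PowerShell 2.0
# shipped with older Windows releases.
$tsKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$polKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'

$ts  = Get-ItemProperty -Path $tsKey
$rdp = Get-ItemProperty -Path "$tsKey\WinStations\RDP-Tcp"
$pol = Get-ItemProperty -Path $polKey -ErrorAction SilentlyContinue

# A Group Policy value, when present, overrides the local setting.
function Get-Effective($name, $localValue) {
    if ($pol -and $pol.$name -ne $null) { return $pol.$name }
    return $localValue
}

$deny = Get-Effective 'fDenyTSConnections' $ts.fDenyTSConnections   # 1 = RDP off
$nla  = Get-Effective 'UserAuthentication' $rdp.UserAuthentication  # 1 = NLA required
$port = $rdp.PortNumber                                             # 3389 by default
$svc  = Get-Service -Name TermService

# Assumption: English-locale netstat output for the LISTENING match.
$listening = [bool](netstat -ano -p tcp | Select-String ":$port\s+\S+\s+LISTENING")

$findings = @()
if ($deny -eq 1) {
    $findings += "OK    Remote Desktop connections are disabled."
} else {
    $findings += "WARN  Remote Desktop is enabled. Disable it if it is not required."
    if ($nla -eq 1) {
        $findings += "OK    Network Level Authentication is required."
    } else {
        $findings += "WARN  Network Level Authentication is NOT required."
    }
}
if ($listening) {
    $findings += "INFO  TCP $port is listening; confirm firewalls block it from the internet."
} else {
    $findings += "OK    Nothing is listening on TCP $port."
}
$findings += "INFO  Remote Desktop Services (TermService) status: $($svc.Status)"
$findings
```

The script cannot see perimeter firewall rules, so reachability of the RDP port from the internet still has to be confirmed at the firewall itself.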

Stay Safe With SOC-as-a-Service

Of course, you can’t always wait for spy agencies to give you the heads up about potential risks. To keep up with today’s cyberthreats, companies need a security operations center (SOC)-as-a-service like Arctic Wolf to provide comprehensive managed detection and response, 24/7 monitoring, vulnerability assessment and threat analysis, and incident response.

Arctic Wolf can help you stay on top of patches and improve your overall security posture so that you don’t have to wait for the NSA to tell you when a big threat comes along.

Discover how small to midsize enterprises can gain access to the required people, process, and technology that make up SOC-as-a-service by downloading the Definitive Guide to SOC-as-a-Service.

