NSA Warns Microsoft Windows Users: Update Now Or Face ‘Devastating Damage’ 😰
Jun 7, 2019, 05:19 am
I can’t recall ever seeing the U.S. National Security Agency (NSA) jumping in and warning users of Microsoft Windows to check if their systems are fully patched and, if not, to update now or risk a “devastating” and “wide-ranging impact.” But that’s what has just happened.
In an advisory published this week, the NSA has urged “Microsoft Windows administrators and users to ensure they are using a patched and updated system in the face of growing threat.” That threat being BlueKeep, which has already been the focus of multiple “update now” warnings from Microsoft itself.
The NSA warning comes off the back of research that revealed just under one million internet-facing machines are still vulnerable to BlueKeep on port 3389, used by the Microsoft Remote Desktop feature, with nobody knows how many devices at risk within the internal networks beyond. The potential is certainly there for this threat, if exploited, to be on the scale of WannaCry.
It’s hard to know exactly why the NSA has decided to issue this advisory now, especially as it hasn’t gone through the more usual U.S.-Computer Emergency Readiness Team (CERT) channel. “I suspect that they may have classified information about actor(s) who might target critical infrastructure with this exploit,” Ian Thornton-Trump, head of security at AmTrust International, told me, “that critical infrastructure is largely made up of the XP, 2K3 family.” This makes sense as although Windows 8 and Windows 10 users are not impacted by this vulnerability, Windows Server 2008, Windows Server 2003, Windows 7, Windows XP and Windows Vista all are.
John Opdenakker, an ethical hacker, agrees that it could well indicate the NSA is in possession of further threat intelligence regarding the BlueKeep threat. “If it’s actively being exploited, then I kind of understand why they would do it,” Opdenakker told me, adding, “it’s certainly not being exploited at scale though, otherwise we would have heard about it already.” The latter point being the important one as far as the “normal user” is concerned, in my opinion. There is little denying that, as Thornton-Trump puts it, “governments are more or less the ultimate authority; vetting, testing and intelligence all has to be assembled and internally red-teamed before an estimate of risk can be assigned.” Which leads to a time lag as intelligence agencies react to the dynamic nature of such exploit disclosures.
Related Links & Disclaimer:
We are not affiliated with Oracle or Oracle’s Product Java.
The text & images for each article were copied from website of the hyperlink located at the bottom link of each article.
The views and opinions expressed in this article are not necessarily those of this sites author and do not necessarily reflect the official policy or position of JT, TC, JAVA THOUGHT.
The opinions expressed in this publication are those of the authors. The aforementioned authors do not purport to reflect the opinions or views of JT, TC, JAVA THOUGHT or its members.
If you have any question or concerns, please email the site admin at: firstname.lastname@example.org .
Please allow up to 30 business days for a reply.
The above text & images were copied from the below link.