NSA announcement advises 'legacy' Windows users to patch their machines against 'BlueKeep'...

[Polycount]

Late last month, Microsoft warned the public that the newly-discovered "BlueKeep" RDP vulnerability -- which is present in Windows XP, 7, Server 2008, and Server 2003 -- could be as serious as WannaCry, a well-known series of worldwide "ransomware" attacks that occurred back in 2017.

Patches for the BlueKeep vulnerability do exist, but it seems quite a few (roughly one million, according to Mspoweruser) machine owners haven't bothered to install the fixes. Whether that's because these individuals are unaware of their existence, or believe that they won't be impacted by potential exploits, we can't say for sure. In either case, Microsoft has tried its best to convince them to patch their systems, but to no avail, it seems.

Fortunately, the tech giant has just received a powerful helping hand from the US' National Security Agency (NSA). The organization today published an advisory, which warns users about the dangers of BlueKeep, while strongly advising anyone running a "legacy" version of Windows to patch their machines ASAP.

The following excerpt from the NSA's full advisory summarizes their statements:

The National Security Agency is urging Microsoft Windows administrators and users to ensure they are using a patched and updated system in the face of growing threats... Microsoft has warned that this flaw is potentially “wormable,” meaning it could spread without user interaction across the internet. We have seen devastating computer worms inflict damage on unpatched systems with wide-ranging impact, and are seeking to motivate increased protections against this flaw.

Obviously, despite the NSA's status, this advisory will not guarantee results. Still, it's certainly better than nothing, and it's nice to see the organization taking the security of internet users seriously.

Hopefully, the agency's voice, combined with reports like this and announcements from Microsoft itself, will prompt the remaining holdouts to patch their machines against BlueKeep sooner rather than later. Though no worms exploiting the vulnerability appear to have been spread just yet, researchers have created several proof-of-concept attacks already, so it's only a matter of time before less savory individuals come up with similar worms.

Permalink to story.

https://www.techspot.com/news/80407-nsa-announcement-advises-legacy-windows-users-patch-their.html

 

[ShagnWagn]

Hence, why MS still needs to keep releasing patches to Win7 until they can provide another operating system that does not have privacy issues. Hackers will continue to use the huge percentage of Win7 installs still running to attack their Precious Win10.

 

[Bullwinkle M]

Not worried....

I use Windows XP-SP2 ONLINE without any Microsoft Security Updates and I'm perfectly safe


If you think I'm joking, then here's a Clue....
There is a Windows Security Expert in the room, and it's Not You!

Need another Clue?

 

[HyperPete]

Not worried....

I use Windows XP-SP2 ONLINE without any Microsoft Security Updates and I'm perfectly safe


If you think I'm joking, then here's a Clue....
There is a Windows Security Expert in the room, and it's Not You!

Need another Clue?

As a cybersecurity specialist I would strongly advise you against the use of unsupported and unpatched operating systems. A true security specialist uses all of the tools at their disposal to avoid threats. Unpatched operating systems are a threat to all other systems on a network, not just themselves.

Furthermore, publically proclaiming your choice of OS and unpatched status is extremely unwise, as many hackers might see this as a challenge and focus their attention on you. The old "Security through obscurity" adage comes to mind.

Good luck with your choices.

 

[HyperPete]

Lexter,

Concerning "no choice", I might suggest a visit to https://distrowatch.com/ as a start.

If I wanted to track down an individual's IP address (which I don't) I would review their information and their posts as a first step. Someone who boasts the way that Mr Bullwinkle has boasted here is certain to leave clues along the way. Then, there is the practice of social engineering. I am not going to provide any specifics, but one can learn a lot from Certified Ethical Hacking courses should you be interested in learning more.

I agree, I would be interested in knowing the types of security that he is using, but I rather doubt that there will be any kind of specific reply provided.
Watching this thread, for sure!

 

[HyperPete]

Linux is not a viable option for everyone either. At this point in time, some systems are just stuck with XP.

I STRONGLY disagree, but that's what makes horse races.

That's called cyber-stalking. Not always effective.

It is actually part of "social engineering" if you want to be technical. I agree, it is not always effective. But sometimes it is. The point of security is to minimize risk. You cannot ever be 100% safe unless you use a system that is not connected to any other computers. If you want to be completely safe, use an operating system with no network capabilities and ensure that the computer is physically secure, because there is no security without physical security.

I know of one set of user accessible changes that can be made to mitigate the attack vectors of this vulnerability and the "Wannacry" before it without the need of a patch from MS. I just want to see if someone has come up something new. Anything is possible.

There are many different vulnerabilities to which an unpatched Windows XP system is vulnerable, not just the one(s) discussed in this article. It is just a very bad idea to use an unsupported OS with countless known vulnerabilities.. You can argue every point I make and it will not change the fact that Windows XP is a bad choice for a computer system that is exposed to the internet, or connected to other computers. In a network situation, approximately 70% of all attacks come from within. It's not just the Internet that poses a threat.

@Bullwinkle M has declined to reply so far. I am not expecting a useful response, either. In the end, people will do what they want in spite of any information provided. "You can lead a man to knowledge, but you can't make him think."

Cheers!

 

[Cubi Dorf]

I am interesting to try linux on my pc. Is possible to run from usb drive? Where to find instructions?

Lexter,

Concerning "no choice", I might suggest a visit to https://distrowatch.com/ as a start.

If I wanted to track down an individual's IP address (which I don't) I would review their information and their posts as a first step. Someone who boasts the way that Mr Bullwinkle has boasted here is certain to leave clues along the way. Then, there is the practice of social networking. I am not going to provide any specifics, but one can learn a lot from Certified Ethical Hacking courses should you be interested in learning more.

I agree, I would be interested in knowing the types of security that he is using, but I rather doubt that there will be any kind of specific reply provided.
Watching this thread, for sure!

 

[Ravalo]

Not worried....

I use Windows XP-SP2 ONLINE without any Microsoft Security Updates and I'm perfectly safe


If you think I'm joking, then here's a Clue....
There is a Windows Security Expert in the room, and it's Not You!

Need another Clue?

As a cybersecurity specialist I would strongly advise you against the use of unsupported and unpatched operating systems. A true security specialist uses all of the tools at their disposal to avoid threats. Unpatched operating systems are a threat to all other systems on a network, not just themselves.

Furthermore, publically proclaiming your choice of OS and unpatched status is extremely unwise, as many hackers might see this as a challenge and focus their attention on you. The old "Security through obscurity" adage comes to mind.

Good luck with your choices.

Not every pc can run windows 10, so linux would be the only option (and even then its not beginner friendly)
I have a windows xp machine that I might use as a server or something (upgrading the RAM to 2 gb and maybe the cpu to an intel core 2 duo)
I use Avast to protect it from old viruses and I have had 0 problems with it (aside from being too slow)

 

[HyperPete]

I am interesting to try linux on my pc. Is possible to run from usb drive? Where to find instructions?

Yes, it is. I will post a link shortly to a utility that will be extremely helpful. You may also private message me and I will offer any assistance I am able to provide.

 

[HyperPete]

Not every pc can run windows 10, so linux would be the only option (and even then its not beginner friendly)

Linux has changed a lot recently. You might be surprised at just how user friendly it is. I would suggest taking a look at LXLE.

 

[Bullwinkle M]

Not worried....

I use Windows XP-SP2 ONLINE without any Microsoft Security Updates and I'm perfectly safe


If you think I'm joking, then here's a Clue....
There is a Windows Security Expert in the room, and it's Not You!

Need another Clue?

Ok, explain? Do you understand how this vulnerability works and what the attack vector is?

There is a way to close it up without the patch, but it requires a level of tweaking most people avoid..

Yes, I understand how this vulnerability works and what the attack vector is!

and NO, there is no way to close it up with a patch from Microsoft!
The MS Patch is for Service Pack 3 and I am running SP2

 

[Bullwinkle M]

HyperPete says....

"As a cybersecurity specialist I would strongly advise you against the use of unsupported and unpatched operating systems. A true security specialist uses all of the tools at their disposal to avoid threats. Unpatched operating systems are a threat to all other systems on a network, not just themselves. "
----------------------------------------
I a REAL cybersecurity specialist, I WELCOME attempts to wreck my XP box from China, N. Korea, Russia, Israel and anyone else who wants to play

In the past 5 years, all such attempts have failed!
This box has NEVER fallen to extortionware and was online during the wannacry attacks and all other extortionware attacks

This is the only box on the network and there is only one drive attached during malware testing
-------------------------------------------------------------------------
HyperPete says.....
"Furthermore, publically proclaiming your choice of OS and unpatched status is extremely unwise, as many hackers might see this as a challenge and focus their attention on you. The old "Security through obscurity" adage comes to mind."
-------------------------------------------------------------------------
That is the point!
I challenge everyone's concept of security who blindly follow Microsoft to their doom

LEMMINGS
All of them!

You are on an endless treadmill to nowhere

 

[Squid Surprise]

HyperPete says....

"As a cybersecurity specialist I would strongly advise you against the use of unsupported and unpatched operating systems. A true security specialist uses all of the tools at their disposal to avoid threats. Unpatched operating systems are a threat to all other systems on a network, not just themselves. "
----------------------------------------
I a REAL cybersecurity specialist, I WELCOME attempts to wreck my XP box from China, N. Korea, Russia, Israel and anyone else who wants to play

In the past 5 years, all such attempts have failed!
This box has NEVER fallen to extortionware and was online during the wannacry attacks and all other extortionware attacks

This is the only box on the network and there is only one drive attached during malware testing
-------------------------------------------------------------------------
HyperPete says.....
"Furthermore, publically proclaiming your choice of OS and unpatched status is extremely unwise, as many hackers might see this as a challenge and focus their attention on you. The old "Security through obscurity" adage comes to mind."
-------------------------------------------------------------------------
That is the point!
I challenge everyone's concept of security who blindly follow Microsoft to their doom

LEMMINGS
All of them!

You are on an endless treadmill to nowhere

Wow, an anonymous user posting that his PC is "immune to cyber attacks".... and, assuming anyone cared, how could this be verified in any way?

If you actually DID fall to a cyber attack, would anyone know? I assume you'd just ditch your $50 box at this point (cause anything with XP SP2 on it couldn't be worth any more than that) and get another PC and continue posting inane drivel on this site...

 

[Bullwinkle M]

How I do it can be found in my old posts at several online Tech sites

Anyone who "truly" believes you can find ANYTHING on the Internet should have no problem finding them all

I do not reproduce the entire list of tweaks again here as it is extreeeemely long and anyone trying to reproduce it will undoubtedly miss something

I don't want to be responsible for Your Mess

 

[Bullwinkle M]

HyperPete says....

"As a cybersecurity specialist I would strongly advise you against the use of unsupported and unpatched operating systems. A true security specialist uses all of the tools at their disposal to avoid threats. Unpatched operating systems are a threat to all other systems on a network, not just themselves. "
----------------------------------------
I a REAL cybersecurity specialist, I WELCOME attempts to wreck my XP box from China, N. Korea, Russia, Israel and anyone else who wants to play

In the past 5 years, all such attempts have failed!
This box has NEVER fallen to extortionware and was online during the wannacry attacks and all other extortionware attacks

This is the only box on the network and there is only one drive attached during malware testing
-------------------------------------------------------------------------
HyperPete says.....
"Furthermore, publically proclaiming your choice of OS and unpatched status is extremely unwise, as many hackers might see this as a challenge and focus their attention on you. The old "Security through obscurity" adage comes to mind."
-------------------------------------------------------------------------
That is the point!
I challenge everyone's concept of security who blindly follow Microsoft to their doom

LEMMINGS
All of them!

You are on an endless treadmill to nowhere

Wow, an anonymous user posting that his PC is "immune to cyber attacks".... and, assuming anyone cared, how could this be verified in any way?

If you actually DID fall to a cyber attack, would anyone know? I assume you'd just ditch your $50 box at this point (cause anything with XP SP2 on it couldn't be worth any more than that) and get another PC and continue posting inane drivel on this site...

Thanks Squid
I gave you a "Like" for your inane drivel

I'm not here to prove anything

I'm simply stating facts

If I actually did fall to a cyber attack "I WOULD KNOW"

That is all I care about and have no interest whatsoever in what you know or don't know

I'm proving TO MYSELF that this box cannot be wrecked due to malware

It is currently running/testing Windows 10 - 1903 with all the updates

I also run Win XP / 7 / 8.1 / Linux and more on the same box / different drives

Only one drive is ever connected at a time

 

[HyperPete]

OK @Bullwinkle M. I have earned a living in the Security field for years. I maintain 8 domains, including one with over 6 million users. I'm happy that you are happy with your little setup. I retire very soon. I don't really give a hoot about you or your Windows XP box. Enjoy your little fame here from your post.

@Cubi Dorf, Rufus is free software that will allow you to run Linux from a USB stick. https://rufus.ie/
EDIT: Here is another useful resource for you: https://www.linuxquestions.org/

 

[Bullwinkle M]

OK @Bullwinkle M. I have earned a living in the Security field for years. I maintain 8 domains, including one with over 6 million users. I'm happy that you are happy with your little setup. I retire very soon. I don't really give a hoot about you or your Windows XP box. Enjoy your little fame here from your post.

@Cubi Dorf, Rufus is free software that will allow you to run Linux from a USB stick. https://rufus.ie/
EDIT: Here is another useful resource for you: https://www.linuxquestions.org/

Why thank you HyperPete

I am enjoying it and am very happy

I'm giving you a "Like" as well

Hope you enjoy it

 

[HyperPete]

Interesting choice. Personally, I would recommend Linux Mint for beginners. Very user friendly and it will run on nearly any machine.

I have run Mint, as well as other Ubuntu clones. Mint is pretty polished, and it is definitely a good choice of distros. LXLE is very small and lightweight, so it's well suited to older hardware or USB sticks. It has a user friendly layout, a number of games and applications that a typical user might want already installed. It also has a number of high definition backgrounds already installed, making it a good looking distro.

But, honestly, there are so many good ones now, I recommend trying several!

 

[Squid Surprise]

Thanks Squid
I gave you a "Like" for your inane drivel

I'm not here to prove anything

I'm simply stating facts

If I actually did fall to a cyber attack "I WOULD KNOW"

That is all I care about and have no interest whatsoever in what you know or don't know

I'm proving TO MYSELF that this box cannot be wrecked due to malware

It is currently running/testing Windows 10 - 1903 with all the updates

I also run Win XP / 7 / 8.1 / Linux and more on the same box / different drives

Only one drive is ever connected at a time

So I see you didn't understand my post... maybe I should have used smaller words... YOU CAN NOT PROVE THAT YOU ARE UNHACKABLE...

And... and I can't stress this enough... we don't really care!

So I'm glad you're proud of your unhackable machine... but this thread is about how the NSA are warning people to patch their machines... and since .00001 % of users are using XP SP 2, your comments are useless...

 

[captaincranky]

Wow, an anonymous user posting that his PC is "immune to cyber attacks".... and, assuming anyone cared, how could this be verified in any way? .

Quick question. I just checked you profile page, and it tells me your name is, "squid surprise". If you do have to go through life with that as "your given name", I both salute and pity you. If that's not the case, then how are you anything other than "an anonymous user", pretty much the same as the rest of us?

 

[HyperPete]

Well, the NSA recommends the following:

• Block TCP Port 3389 at your firewalls, especially any perimeter firewalls exposed to the internet. This port is used in RDP protocol and will block attempts to establish a connection.
• Enable Network Level Authentication. This security improvement requires attackers to have valid credentials to perform remote code authentication.
• Disable remote Desktop Services if they are not required. Disabling unused and unneeded services helps reduce exposure to security vulnerabilities overall and is a best practice even without the BlueKeep threat.

But, as I have said before, most people who care about security use every tool at their disposal to ensure they and those for whom they are responsible are safe, the very most important being the application of patches as soon as they are available. Not applying patches is akin to anti-vaxers not vaccinating their children, and it allows these vulnerabilities to perpetuate in the wild.

I agree with @Squid Surprise when he said "If you actually DID fall to a cyber attack, would anyone know? I assume you'd just ditch your $50 box at this point (cause anything with XP SP2 on it couldn't be worth any more than that) and get another PC and continue posting inane drivel on this site..." and also "this thread is about how the NSA are warning people to patch their machines... and since .00001 % of users are using XP SP 2, your comments are useless..."

At this point, all Bullwinkle is doing is trolling.

 

[HyperPete]

Understood. Obviously, I am not a "general user." I need RDP frequently. I was speaking in generalities too. Most people should simply keep their system(s) up to date.

 

[Mugsy]

For all the users you've now terrified into wondering if their computer is vulnerable, how about providing:

1) A way for users to check to see if the patch is missing/installed on their system.
2) A link to where they can download the patch for their OS.

Your "patches Do Exist" link merely links to another TS post. Not cool.

 

[Markoni35]

Every OS has built-in vulnerabilities. And will always have them. This is the whole reason why United States is in war with Huawei. Because US want to have their security holes built into each phone (or computer) and other countries (of course) want their own security holes to be built-in.

No matter which hardware or software you use, the operating system will have multiple security holes built-in, on purpose. It's not going to change that soon. In fact, in the future there can only be more of them.

 

[HyperPete]

Every OS has built-in vulnerabilities. And will always have them. This is the whole reason why United States is in war with Huawei. Because US want to have their security holes built into each phone (or computer) and other countries (of course) want their own security holes to be built-in.

Or NOT!
https://www.cnet.com/news/huawei-ban-full-timeline-on-how-and-why-its-phones-are-under-fire/

 

[HyperPete]

For all the users you've now terrified into wondering if their computer is vulnerable, how about providing:

1) A way for users to check to see if the patch is missing/installed on their system.
2) A link to where they can download the patch for their OS.

Your "patches Do Exist" link merely links to another TS post. Not cool.

For Windows 10:
How to create a Windows Update shortcut on your desktop

• Right-click an empty spot on your desktop.
• Click New.
• Click Shortcut.
• Type ms-settings:windowsupdate.
• Click Next.
• Type Windows Update or whatever you'd like to name the shortcut.
• Click Finish.

-------------------------------------------------------------------------------------------------------------

For Windows 7:
How to create a Windows Update shortcut on your desktop

• Right-click an empty spot on your desktop.
• Click New.
• Click Shortcut.
• Type %windir%\System32\rundll32.exe url.dll,FileProtocolHandler wuapp.exe
  
  OR
  
  %windir%\explorer.exe shell:::{36eef7db-88ad-4e81-ad49-0e313f0c35f8}

• Click Next.
• Type Windows Update or whatever you'd like to name the shortcut.
• Click Finish.

 

[HyperPete]

For all the users you've now terrified into wondering if their computer is vulnerable, how about providing:

1) A way for users to check to see if the patch is missing/installed on their system.
2) A link to where they can download the patch for their OS.

Your "patches Do Exist" link merely links to another TS post. Not cool.

Try searching with Google: https://www.google.com/search?as_q=How+can+I+check+to+see+if+I+am+vulnerable+to+Bluekeep?

 

[HyPeroxya]

Is linux equally as vuln to these hacks? they are chip level zombieload/rowhamer , so I presume they run as machine code/asssembler ...
One way to prevent would surely be to run a (fresh every time) w/xp in a fully snadboxed VM under warp/BEOS etc

 

[HyperPete]

All versions of Linux are completely immune to WannaCry and BlueKeep both.

'nix systems are themselves, but Samba could be vulnerable to the same kind of vulnerability. See https://www.samba.org/samba/security/CVE-2017-7494.html for details. Note that this CVE was released in 2017.

As I have been saying from the outset, the very best thing that most people can and should do, is to apply their operating system's (and associated software's) security updates when they are released. As you have pointed out, there are other ways to protect one's self, but most people have neither the knowledge nor the inclination to do so.

My two cents, ymmv.