1. TechSpot is dedicated to computer enthusiasts and power users. Ask a question and give support. Join the community here.

NSA announcement advises 'legacy' Windows users to patch their machines against 'BlueKeep'...

By Polycount · 37 replies
Jun 6, 2019
  1. Late last month, Microsoft warned the public that the newly-discovered "BlueKeep" RDP vulnerability -- which is present in Windows XP, 7, Server 2008, and Server 2003 -- could be as serious as WannaCry, a well-known series of worldwide "ransomware" attacks that occurred back in 2017.

    Patches for the BlueKeep vulnerability do exist, but it seems quite a few (roughly one million, according to Mspoweruser) machine owners haven't bothered to install the fixes. Whether that's because these individuals are unaware of their existence, or believe that they won't be impacted by potential exploits, we can't say for sure. In either case, Microsoft has tried its best to convince them to patch their systems, but to no avail, it seems.

    Fortunately, the tech giant has just received a powerful helping hand from the US' National Security Agency (NSA). The organization today published an advisory, which warns users about the dangers of BlueKeep, while strongly advising anyone running a "legacy" version of Windows to patch their machines ASAP.

    The following excerpt from the NSA's full advisory summarizes their statements:

    The National Security Agency is urging Microsoft Windows administrators and users to ensure they are using a patched and updated system in the face of growing threats... Microsoft has warned that this flaw is potentially “wormable,” meaning it could spread without user interaction across the internet. We have seen devastating computer worms inflict damage on unpatched systems with wide-ranging impact, and are seeking to motivate increased protections against this flaw.

    Obviously, despite the NSA's status, this advisory will not guarantee results. Still, it's certainly better than nothing, and it's nice to see the organization taking the security of internet users seriously.

    Hopefully, the agency's voice, combined with reports like this and announcements from Microsoft itself, will prompt the remaining holdouts to patch their machines against BlueKeep sooner rather than later. Though no worms exploiting the vulnerability appear to have been spread just yet, researchers have created several proof-of-concept attacks already, so it's only a matter of time before less savory individuals come up with similar worms.


     
  2. ShagnWagn

    ShagnWagn TS Guru Posts: 684   +511

    Hence, why MS still needs to keep releasing patches to Win7 until they can provide another operating system that does not have privacy issues. Hackers will continue to use the huge percentage of Win7 installs still running to attack their Precious Win10.
     
    JaredTheDragon likes this.
  3. Bullwinkle M

    Bullwinkle M TS Booster Posts: 124   +63

    Not worried....

    I use Windows XP-SP2 ONLINE without any Microsoft Security Updates and I'm perfectly safe


    If you think I'm joking, then here's a Clue....
    There is a Windows Security Expert in the room, and it's Not You!

    Need another Clue?
     
    Last edited: Jun 6, 2019
  4. lexster

    lexster TS Addict Posts: 277   +135

    Ok, explain? Do you understand how this vulnerability works and what the attack vector is?

    There is a way to close it up without the patch, but it requires a level of tweaking most people avoid.
     
  5. HyperPete

    HyperPete TS Enthusiast Posts: 70   +35

    As a cybersecurity specialist I would strongly advise you against the use of unsupported and unpatched operating systems. A true security specialist uses all of the tools at their disposal to avoid threats. Unpatched operating systems are a threat to all other systems on a network, not just themselves.

    Furthermore, publicly proclaiming your choice of OS and unpatched status is extremely unwise, as many hackers might see this as a challenge and focus their attention on you. The old "Security through obscurity" adage comes to mind.

    Good luck with your choices.
     
    regiq likes this.
  6. lexster

    lexster TS Addict Posts: 277   +135

    Some people don't have a choice for various reasons. Granted Mr. Bullwinkle has some serious stones bragging like that...
    ...which is why he was asked what methods have been employed to mitigate the vulnerability. It is possible that the vulnerability is solved on that end without the patch provided by MS. There is at least one known solution. He may have discovered a new one. There's more than one way to "skin a cat", to coin a phrase.
    Not only is that not completely true, it's also not that easy.
    However, when one states something as bold as that, one might hazard a guess that the person making the claim might know something we don't.
    And how would they do that through this forum? IP addresses are not publicly logged, they might not even be logged at all. So how would a hacker obtain an address to attack?
    Fair point. Sneaky, but fair...
     
  7. HyperPete

    HyperPete TS Enthusiast Posts: 70   +35

    Lexter,

    Concerning "no choice", I might suggest a visit to https://distrowatch.com/ as a start.

    If I wanted to track down an individual's IP address (which I don't) I would review their information and their posts as a first step. Someone who boasts the way that Mr Bullwinkle has boasted here is certain to leave clues along the way. Then, there is the practice of social engineering. I am not going to provide any specifics, but one can learn a lot from Certified Ethical Hacking courses should you be interested in learning more.

    I agree, I would be interested in knowing the types of security that he is using, but I rather doubt that there will be any kind of specific reply provided.
    Watching this thread, for sure!
     
    Last edited: Jun 7, 2019
    lexster likes this.
  8. lexster

    lexster TS Addict Posts: 277   +135

    Linux is not a viable option for everyone either. At this point in time, some systems are just stuck with XP.
    That's called cyber-stalking. Not always effective.
    I know of one set of user accessible changes that can be made to mitigate the attack vectors of this vulnerability and the "Wannacry" before it without the need of a patch from MS. I just want to see if someone has come up with something new. Anything is possible.
     
  9. HyperPete

    HyperPete TS Enthusiast Posts: 70   +35

    I STRONGLY disagree, but that's what makes horse races.


    It is actually part of "social engineering" if you want to be technical. I agree, it is not always effective. But sometimes it is. The point of security is to minimize risk. You cannot ever be 100% safe unless you use a system that is not connected to any other computers. If you want to be completely safe, use an operating system with no network capabilities and ensure that the computer is physically secure, because there is no security without physical security.


    There are many different vulnerabilities to which an unpatched Windows XP system is vulnerable, not just the one(s) discussed in this article. It is just a very bad idea to use an unsupported OS with countless known vulnerabilities. You can argue every point I make and it will not change the fact that Windows XP is a bad choice for a computer system that is exposed to the internet, or connected to other computers. In a network situation, approximately 70% of all attacks come from within. It's not just the Internet that poses a threat.

    @Bullwinkle M has declined to reply so far. I am not expecting a useful response, either. In the end, people will do what they want in spite of any information provided. "You can lead a man to knowledge, but you can't make him think."

    Cheers!
     
  10. Cubi Dorf

    Cubi Dorf TS Booster Posts: 141   +51

    I am interested in trying Linux on my PC. Is it possible to run it from a USB drive? Where can I find instructions?


     
  11. Ravalo

    Ravalo TS Member Posts: 47   +12

    Not every PC can run Windows 10, so Linux would be the only option (and even then it's not beginner friendly).
    I have a Windows XP machine that I might use as a server or something (upgrading the RAM to 2 GB and maybe the CPU to an Intel Core 2 Duo).
    I use Avast to protect it from old viruses and I have had 0 problems with it (aside from being too slow).
     
  12. HyperPete

    HyperPete TS Enthusiast Posts: 70   +35

    Yes, it is. I will post a link shortly to a utility that will be extremely helpful. You may also private message me and I will offer any assistance I am able to provide.
     
  13. HyperPete

    HyperPete TS Enthusiast Posts: 70   +35

    Linux has changed a lot recently. You might be surprised at just how user friendly it is. I would suggest taking a look at LXLE.
     
    Knot Schure likes this.
  14. Bullwinkle M

    Bullwinkle M TS Booster Posts: 124   +63

    Yes, I understand how this vulnerability works and what the attack vector is!

    and NO, there is no way to close it up with a patch from Microsoft!
    The MS Patch is for Service Pack 3 and I am running SP2
     
  15. Bullwinkle M

    Bullwinkle M TS Booster Posts: 124   +63

    HyperPete says....

    "As a cybersecurity specialist I would strongly advise you against the use of unsupported and unpatched operating systems. A true security specialist uses all of the tools at their disposal to avoid threats. Unpatched operating systems are a threat to all other systems on a network, not just themselves. "
    ----------------------------------------
    As a REAL cybersecurity specialist, I WELCOME attempts to wreck my XP box from China, N. Korea, Russia, Israel and anyone else who wants to play

    In the past 5 years, all such attempts have failed!
    This box has NEVER fallen to extortionware and was online during the wannacry attacks and all other extortionware attacks

    This is the only box on the network and there is only one drive attached during malware testing
    -------------------------------------------------------------------------
    HyperPete says.....
    "Furthermore, publicly proclaiming your choice of OS and unpatched status is extremely unwise, as many hackers might see this as a challenge and focus their attention on you. The old "Security through obscurity" adage comes to mind."
    -------------------------------------------------------------------------
    That is the point!
    I challenge everyone's concept of security who blindly follow Microsoft to their doom

    LEMMINGS
    All of them!

    You are on an endless treadmill to nowhere
     
  16. Squid Surprise

    Squid Surprise TS Evangelist Posts: 2,507   +1,508

    Wow, an anonymous user posting that his PC is "immune to cyber attacks".... and, assuming anyone cared, how could this be verified in any way?

    If you actually DID fall to a cyber attack, would anyone know? I assume you'd just ditch your $50 box at this point (cause anything with XP SP2 on it couldn't be worth any more than that) and get another PC and continue posting inane drivel on this site...
     
    HyperPete and Bullwinkle M like this.
  17. Bullwinkle M

    Bullwinkle M TS Booster Posts: 124   +63



    How I do it can be found in my old posts at several online Tech sites

    Anyone who "truly" believes you can find ANYTHING on the Internet should have no problem finding them all

    I do not reproduce the entire list of tweaks again here as it is extreeeemely long and anyone trying to reproduce it will undoubtedly miss something

    I don't want to be responsible for Your Mess
     
  18. Bullwinkle M

    Bullwinkle M TS Booster Posts: 124   +63

    Thanks Squid
    I gave you a "Like" for your inane drivel

    I'm not here to prove anything

    I'm simply stating facts

    If I actually did fall to a cyber attack "I WOULD KNOW"

    That is all I care about and have no interest whatsoever in what you know or don't know

    I'm proving TO MYSELF that this box cannot be wrecked due to malware

    It is currently running/testing Windows 10 - 1903 with all the updates

    I also run Win XP / 7 / 8.1 / Linux and more on the same box / different drives

    Only one drive is ever connected at a time
     
  19. HyperPete

    HyperPete TS Enthusiast Posts: 70   +35

    OK @Bullwinkle M. I have earned a living in the Security field for years. I maintain 8 domains, including one with over 6 million users. I'm happy that you are happy with your little setup. I retire very soon. I don't really give a hoot about you or your Windows XP box. Enjoy your little fame here from your post.

    @Cubi Dorf, Rufus is free software that will allow you to run Linux from a USB stick. https://rufus.ie/
    EDIT: Here is another useful resource for you: https://www.linuxquestions.org/
     
    Last edited: Jun 7, 2019
    Bullwinkle M likes this.
  20. lexster

    lexster TS Addict Posts: 277   +135

    Interesting choice. Personally, I would recommend Linux Mint for beginners. Very user friendly and it will run on nearly any machine.
     
  21. Bullwinkle M

    Bullwinkle M TS Booster Posts: 124   +63

    Why thank you HyperPete

    I am enjoying it and am very happy

    I'm giving you a "Like" as well

    Hope you enjoy it
     
    HyperPete likes this.
  22. HyperPete

    HyperPete TS Enthusiast Posts: 70   +35

    I have run Mint, as well as other Ubuntu clones. Mint is pretty polished, and it is definitely a good choice of distros. LXLE is very small and lightweight, so it's well suited to older hardware or USB sticks. It has a user friendly layout, a number of games and applications that a typical user might want already installed. It also has a number of high definition backgrounds already installed, making it a good looking distro.

    But, honestly, there are so many good ones now, I recommend trying several!
     
    lexster likes this.
  23. Squid Surprise

    Squid Surprise TS Evangelist Posts: 2,507   +1,508

    So I see you didn't understand my post... maybe I should have used smaller words... YOU CAN NOT PROVE THAT YOU ARE UNHACKABLE...

    And... and I can't stress this enough... we don't really care!

    So I'm glad you're proud of your unhackable machine... but this thread is about how the NSA are warning people to patch their machines... and since .00001 % of users are using XP SP 2, your comments are useless...
     
    HyperPete likes this.
  24. captaincranky

    captaincranky TechSpot Addict Posts: 14,779   +3,906

    Quick question. I just checked your profile page, and it tells me your name is, "squid surprise". If you do have to go through life with that as "your given name", I both salute and pity you. If that's not the case, then how are you anything other than "an anonymous user", pretty much the same as the rest of us?
     
    lexster likes this.
  25. lexster

    lexster TS Addict Posts: 277   +135

    So are you going to describe the method you use to defeat/avoid the WannaCry/BlueKeep vulnerabilities on XP SP2? Kinda curious.
     
    HyperPete likes this.
