
NSA announcement advises 'legacy' Windows users to patch their machines against 'BlueKeep'...

By Polycount · 37 replies
Jun 6, 2019
  1. HyperPete

    HyperPete TS Enthusiast Posts: 70   +35

    Well, the NSA recommends the following:
    • Block TCP Port 3389 at your firewalls, especially any perimeter firewalls exposed to the internet. This port is used in RDP protocol and will block attempts to establish a connection.
    • Enable Network Level Authentication. This security improvement requires attackers to have valid credentials to perform remote code authentication.
    • Disable remote Desktop Services if they are not required. Disabling unused and unneeded services helps reduce exposure to security vulnerabilities overall and is a best practice even without the BlueKeep threat.
    But, as I have said before, most people who care about security use every tool at their disposal to ensure they and those for whom they are responsible are safe, the very most important being the application of patches as soon as they are available. Not applying patches is akin to anti-vaxers not vaccinating their children, and it allows these vulnerabilities to perpetuate in the wild.

    I agree with @Squid Surprise when he said "If you actually DID fall to a cyber attack, would anyone know? I assume you'd just ditch your $50 box at this point (cause anything with XP SP2 on it couldn't be worth any more than that) and get another PC and continue posting inane drivel on this site..." and also "this thread is about how the NSA are warning people to patch their machines... and since .00001 % of users are using XP SP 2, your comments are useless..."

    At this point, all Bullwinkle is doing is trolling.
     
    lexster likes this.
  2. lexster

    lexster TS Maniac Posts: 320   +167

    @HyperPete
    The thing is, there is a solution that does not require the use of the Microsoft patches.

    Delete the "Remote Desktop Services" (TermService), "Remote Registry" and "Remote Desktop Configuration" (SessionEnv) services and the attack vector for WannaCry and BlueKeep goes away. Disabling them will work too, but if they get re-enabled the problem is back. Those services are simply rarely needed by the general user. I made a post describing the process in detail but it was deleted for some reason.

    The patches are easier, but not the only method. And I was curious about a possible alternate approach.
     
  3. HyperPete

    HyperPete TS Enthusiast Posts: 70   +35

    Understood. Obviously, I am not a "general user." I need RDP frequently. I was speaking in generalities too. Most people should simply keep their system(s) up to date.
     
    lexster likes this.
  4. Mugsy

    Mugsy TS Evangelist Posts: 572   +71

    For all the users you've now terrified into wondering if their computer is vulnerable, how about providing:

    1) A way for users to check to see if the patch is missing/installed on their system.
    2) A link to where they can download the patch for their OS.

    Your "patches Do Exist" link merely links to another TS post. Not cool. :(
     
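The three threads above ask for the same thing from three angles: the NSA list in HyperPete's first post (block 3389, require NLA, disable Remote Desktop Services), lexster's service-removal approach (TermService, SessionEnv, Remote Registry), and Mugsy's request for a way to check whether the patch is installed. The following read-only audit script is an added example written for this thread; it is not NSA or Microsoft code. It assumes an elevated Windows PowerShell prompt on Windows 7 or 10, and the KB identifiers in `$BlueKeepKBs` are placeholders that you must replace with the KB numbers Microsoft lists for your OS build.

```powershell
# Added example (not from the thread, the NSA advisory or Microsoft): a read-only
# audit of the BlueKeep exposure points discussed in the posts above.
# Run from an elevated Windows PowerShell prompt. Nothing here changes settings.

# PLACEHOLDERS: replace with the KB IDs Microsoft publishes for your OS build.
$BlueKeepKBs = @('KBxxxxxxx', 'KByyyyyyy')

function Test-BlueKeepExposure {
    $result = [ordered]@{}

    # 1) Mugsy's question: is one of the listed updates installed?
    #    Get-HotFix reads the Win32_QuickFixEngineering list of installed updates.
    $installed = Get-HotFix -ErrorAction SilentlyContinue | Select-Object -ExpandProperty HotFixID
    $result.PatchInstalled = [bool]($BlueKeepKBs | Where-Object { $installed -contains $_ })

    # 2) Is Remote Desktop enabled at all? fDenyTSConnections = 1 means RDP is off.
    $ts = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server' -ErrorAction SilentlyContinue
    $result.RdpEnabled = ($ts.fDenyTSConnections -eq 0)

    # 3) NSA item 2: is Network Level Authentication required? UserAuthentication = 1 means NLA on.
    $rdpTcp = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp' -ErrorAction SilentlyContinue
    $result.NlaRequired = ($rdpTcp.UserAuthentication -eq 1)

    # 4) lexster's services: current state and start type of each.
    #    (StartType needs PowerShell 5 or later; it shows as blank on older versions.)
    foreach ($svc in 'TermService', 'SessionEnv', 'RemoteRegistry') {
        $s = Get-Service -Name $svc -ErrorAction SilentlyContinue
        $result["Service_$svc"] = if ($s) { "$($s.Status)/$($s.StartType)" } else { 'absent' }
    }

    # 5) NSA item 1: is anything listening on TCP 3389 right now?
    #    Get-NetTCPConnection exists on Windows 8/2012 and later; Windows 7 falls back to netstat.
    $listening = $false
    if (Get-Command Get-NetTCPConnection -ErrorAction SilentlyContinue) {
        $listening = [bool](Get-NetTCPConnection -LocalPort 3389 -State Listen -ErrorAction SilentlyContinue)
    } else {
        $listening = [bool](netstat -an | Select-String ':3389\s+\S+\s+LISTENING')
    }
    $result.Port3389Listening = $listening

    [pscustomobject]$result
}

$audit = Test-BlueKeepExposure
$audit | Format-List

# Plain-language verdict for the "am I exposed?" question.
if (-not $audit.PatchInstalled -and $audit.RdpEnabled -and -not $audit.NlaRequired) {
    Write-Warning 'Update not found, RDP enabled, NLA off: install the update, or disable RDP/TermService until you can.'
} elseif (-not $audit.PatchInstalled) {
    Write-Warning 'Update not found: install it even though RDP is currently off, in case it gets re-enabled.'
} else {
    Write-Output 'Listed BlueKeep update is present.'
}
```

Two caveats on reading the output. First, `Get-HotFix` lists the KB that was installed, so on Windows 10 a later cumulative update that supersedes the original fix can make a patched machine report "not found"; treat a missing KB as "go and check Windows Update", not as proof of exposure. Second, the port check only tells you whether the local machine is listening; whether a perimeter firewall blocks 3389 from the internet, which is the NSA's first recommendation, has to be verified on the firewall itself.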
  5. Markoni35

    Markoni35 TS Booster Posts: 149   +71

    Every OS has built-in vulnerabilities. And will always have them. This is the whole reason why the United States is at war with Huawei. Because the US wants to have its security holes built into each phone (or computer) and other countries (of course) want their own security holes to be built in.

    No matter which hardware or software you use, the operating system will have multiple security holes built-in, on purpose. It's not going to change that soon. In fact, in the future there can only be more of them.
     
  6. HyperPete

    HyperPete TS Enthusiast Posts: 70   +35

  7. HyperPete

    HyperPete TS Enthusiast Posts: 70   +35

    For Windows 10:
    How to create a Windows Update shortcut on your desktop
    • Right-click an empty spot on your desktop.
    • Click New.
    • Click Shortcut.
    • Type ms-settings:windowsupdate.
    • Click Next.
    • Type Windows Update or whatever you'd like to name the shortcut.
    • Click Finish.
    -------------------------------------------------------------------------------------------------------------

    For Windows 7:
    How to create a Windows Update shortcut on your desktop

    • Right-click an empty spot on your desktop.
    • Click New.
    • Click Shortcut.
    • Type %windir%\System32\rundll32.exe url.dll,FileProtocolHandler wuapp.exe

      OR

      %windir%\explorer.exe shell:::{36eef7db-88ad-4e81-ad49-0e313f0c35f8}
    • Click Next.
    • Type Windows Update or whatever you'd like to name the shortcut.
    • Click Finish.
     
  8. lexster

    lexster TS Maniac Posts: 320   +167

    This is only helpful to those who are willing to trust Microsoft or don't need to worry about trusting them. Because of antics in the recent past, not everyone does or wants to. Thus alternatives are always desired.
     
  9. HyperPete

    HyperPete TS Enthusiast Posts: 70   +35


    Try searching with Google: https://www.google.com/search?as_q=How+can+I+check+to+see+if+I+am+vulnerable+to+Bluekeep?
     
    lexster likes this.
  10. HyPeroxya

    HyPeroxya TS Enthusiast Posts: 80   +10

    Is Linux equally as vulnerable to these hacks? They are chip level ZombieLoad/Rowhammer, so I presume they run as machine code/assembler ...
    One way to prevent would surely be to run a (fresh every time) W/XP in a fully sandboxed VM under Warp/BeOS etc.
     
  11. lexster

    lexster TS Maniac Posts: 320   +167

    All versions of Linux are completely immune to WannaCry and BlueKeep both.
     
    HyperPete likes this.
  12. HyperPete

    HyperPete TS Enthusiast Posts: 70   +35

    'nix systems themselves are not, but Samba could be vulnerable to the same kind of vulnerability. See https://www.samba.org/samba/security/CVE-2017-7494.html for details. Note that this CVE was released in 2017.

    As I have been saying from the outset, the very best thing that most people can and should do is to apply their operating system's (and associated software's) security updates when they are released. As you have pointed out, there are other ways to protect oneself, but most people have neither the knowledge nor the inclination to do so.

    My two cents, ymmv.
     
    lexster and jobeard like this.
  13. lexster

    lexster TS Maniac Posts: 320   +167

    While that's a good point, Samba is a Windows code replication environment that acts as an interface between Windows networks and 'nix OS. I just don't see anyone taking advantage of that attack vector the same way that Windows was hit, for two reasons:

    1. Any OS using Samba is going to be greatly more difficult to penetrate than Windows even if the initial stage of such an attack is successful, and..

    2. Market saturation and audience participation. 'nix users are far more tech savvy and will actively resist such efforts. Couple that with the fact that 'nix based systems are (unfortunately) in the minority in the world. The effort to create malware based on that attack vector is extremely unlikely to yield results that are worth the greater effort required.
     
    HyperPete likes this.
