Tuesday, June 18, 2019

U.S. Government Announces 'Critical' Warning For Microsoft Windows Users



Davey Winder
Jun 18, 2019, 04:06am

The United States Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) has gone public with a warning to Microsoft Windows users regarding a critical security vulnerability. By issuing the "update now" warning, CISA has joined the likes of Microsoft itself and the National Security Agency (NSA) in warning Windows users of the danger from the BlueKeep vulnerability.

•••••

The CISA alert appears to confirm this, stating that it has "coordinated with external stakeholders and determined that Windows 2000 is vulnerable to BlueKeep." That it can confirm a remote code execution on Windows 2000 might not sound too frightening; this is an old operating system, after all. But it would be unwise to classify this as an exercise in fear, uncertainty and doubt. Until now, the exploits that have been developed, at least those seen in operation, did nothing more than crash the computer. Achieving remote code execution brings the specter of the BlueKeep worm into view, as it hands control of infected machines to the attacker.

Research has already revealed that just under one million internet-facing machines are vulnerable to BlueKeep on port 3389, used by the Microsoft Remote Desktop feature. But that's just the tip of this insecurity iceberg. These are a million gateways to potentially many millions more machines that sit on the internal networks they lead to. A wormable exploit can move laterally within that network, rapidly spreading to anything and everything it can infect in order to replicate and spread. Here's the real stinger: that can include machines in an Active Directory domain even if there's no BlueKeep vulnerability to exploit. The machine running the vulnerable Remote Desktop Protocol is merely the gateway; once it is compromised, the clever money is on an incident that could become as widespread as WannaCry was back in 2017.

•••••

While Windows 8 and Windows 10 users are not impacted by this vulnerability, Windows 2003, Windows XP and Windows Vista all are, and the news that an exploit has been confirmed justifies the unusual step of the U.S. Government and its agencies getting involved in issuing these "update now" warnings.

•••••

The CISA alert advises users to install the patches that Microsoft has made available, which include ones for operating systems that are no longer officially supported. It also suggests users should upgrade those "end of life" systems to Windows 10. This will not, unfortunately, be possible in all cases, but the patching advice remains prudent.

•••••
