For the first time I’ve ever seen, the National Security Agency has made a public announcement about a private company’s product, warning that all Windows users that are still using older versions of Microsoft Windows XP, Vista, Windows Server 2003/2008, or Windows 7 should upgrade or face serious remote exploit risks. Their advisory can be found here: https://www.nsa.gov/News-Features/News-Stories/Article-View/Article/1865726/nsa-cybersecurity-advisory-patch-remote-desktop-services-on-legacy-versions-of/
Honestly though, if you’re still using Windows XP or Windows 2000 and it’s connected to the internet, you kinda deserve everything you get. I get it, there are still some ancient programs out there that never got upgraded and you just “can’t live without it”. And I can even understand if you’re still using Windows 7 (by the way, patch that too), but really, it’s been 18 years since Windows XP was released… stop clinging and move on.
Further information from the Microsoft CVE-2019-0708 security advisory:
- Block TCP Port 3389 at your firewalls, especially any perimeter firewalls exposed to the internet. This port is used by the Remote Desktop Protocol (RDP) and will block attempts to establish a connection.
- Enable Network Level Authentication. With NLA enabled, attackers would first have to authenticate to RDS in order to successfully exploit the vulnerability. NLA is available on the Windows® 7, Windows Server® 2008 and Windows Server® 2008 R2 operating systems.
- Disable remote Desktop Services if they are not required. Disabling unused and unneeded services helps reduce exposure to security vulnerabilities overall and is a best practice even without the BlueKeep threat.
- Note that Windows® 10 systems are already protected from this vulnerability, as it only affects the older versions of Windows® listed above.