Do You Think The NSA Will Get Their Attention?

I don’t. Even the NSA is urging Windows users to patch BlueKeep (CVE-2019-0708).

After Microsoft warned Windows users on two separate occasions to patch a severe security flaw known as BlueKeep, now, the US National Security Agency has echoed the OS maker’s warning in the hopes of avoiding another WannaCry-like incident.

The NSA’s alert, authored by the agency’s Central Security Service division, is about the security flaw known as BlueKeep (CVE-2019-0708).

After WannaCry (and associated ransomware) cost corporations hundreds of millions of dollars, and was in the news for MONTHS, you would think people might get the idea that they need to update their systems. They didn’t. (You want to spend HOW much updating systems? They work just fine today!)

I haven’t seen that any exploits are in the wild, but several have been developed by white-hat hackers and not released, though some “suspicious” port scanning was detected almost from the moment the bug was made public. When, not if, an exploit is released, denizens of Mahogany Row will say, “This is so unexpected!”


People Haven’t Updated Systems in the Face of WannaCry…

I see no reason to believe that people will update to prevent this attack. Nearly 1 Million Computers Still Vulnerable to “Wormable” BlueKeep RDP Flaw.

Nearly 1 million Windows systems are still unpatched and have been found vulnerable to a recently disclosed critical, wormable, remote code execution vulnerability in the Windows Remote Desktop Protocol (RDP)—two weeks after Microsoft released the security patch.

It’s been 2 years since WannaCry hit, and Microsoft issued patches 2 months before that. There are still people impacted by the errors patched in 2017.

Microsoft posted the patch on (or about) May 14th, and reminded everyone again on May 30th.

The people behind those million machines are hopeless.