Welcome to DU! The truly grassroots left-of-center political community where regular people, not algorithms, drive the discussions and set the standards. Join the community: Create a free account Support DU (and get rid of ads!): Become a Star Member Latest Breaking News Editorials & Other Articles General Discussion The DU Lounge All Forums Issue Forums Culture Forums Alliance Forums Region Forums Support Forums Help & Search

Eugene

(62,648 posts)
Sat Jun 8, 2019, 10:30 PM Jun 2019

NSA Warns Microsoft Windows Users: Update Now Or Face 'Devastating Damage'

Source: Forbes

Jun 7, 2019, 05:19am

NSA Warns Microsoft Windows Users: Update Now Or Face 'Devastating Damage'

Davey Winder Contributor
Cybersecurity
I report and analyse breaking cybersecurity and privacy stories

I can't recall ever seeing the U.S. National Security Agency (NSA) jumping in and warning users of Microsoft Windows to check if their systems are fully patched and, if not, to update now or risk a "devastating" and "wide-ranging impact." But that's what has just happened.

In an advisory published this week, the NSA has urged "Microsoft Windows administrators and users to ensure they are using a patched and updated system in the face of growing threat." That threat being BlueKeep, which has already been the focus of multiple "update now" warnings from Microsoft itself.

The NSA warning comes off the back of research that revealed just under one million internet-facing machines are still vulnerable to BlueKeep on port 3389, used by the Microsoft Remote Desktop feature, with nobody knows how many devices at risk within the internal networks beyond. The potential is certainly there for this threat, if exploited, to be on the scale of WannaCry.


It's hard to know exactly why the NSA has decided to issue this advisory now, especially as it hasn't gone through the more usual U.S.-Computer Emergency Readiness Team (CERT) channel. "I suspect that they may have classified information about actor(s) who might target critical infrastructure with this exploit," Ian Thornton-Trump, head of security at AmTrust International, told me, "that critical infrastructure is largely made up of the XP, 2K3 family." This makes sense as although Windows 8 and Windows 10 users are not impacted by this vulnerability, Windows 2003, Windows XP and Windows Vista all are.

-snip-


Read more: https://www.forbes.com/sites/daveywinder/2019/06/07/nsa-warns-microsoft-windows-users-update-now-or-face-devastating-damage/
5 replies = new reply since forum marked as read
Highlight: NoneDon't highlight anything 5 newestHighlight 5 most recent replies
NSA Warns Microsoft Windows Users: Update Now Or Face 'Devastating Damage' (Original Post) Eugene Jun 2019 OP
I know the reason why but it still astounds me marylandblue Jun 2019 #1
Hey! My cellphone is NOT more obsolete than my granddaughter's!! Stonepounder Jun 2019 #2
In inustry, it is risky and potentially expensive to screw with things that are working localroger Jun 2019 #5
My Microsoft is up to date and it does block Baitball Blogger Jun 2019 #3
Hmmm... hlthe2b Jun 2019 #4

marylandblue

(12,344 posts)
1. I know the reason why but it still astounds me
Sat Jun 8, 2019, 10:34 PM
Jun 2019

that "critical infrastructure" uses technology more obsolete than your grandmother's cellphone.

Stonepounder

(4,033 posts)
2. Hey! My cellphone is NOT more obsolete than my granddaughter's!!
Sun Jun 9, 2019, 12:09 AM
Jun 2019

(Of course neither is my computer - fully patched Windows 10)

localroger

(3,706 posts)
5. In inustry, it is risky and potentially expensive to screw with things that are working
Sun Jun 9, 2019, 07:59 AM
Jun 2019

It is not uncommon, especially when you are using machines that have custom device drivers, for a Windows update (much less OS migration) to break things that were working. This makes these businesses very reluctant to do updates that aren't completely necessary for some reason, as they can mean weeks or worse of downtime ironing out unforeseen bugs. I am aware of PLC's and other types of embedded controllers made in the 1980's and early 1990's which are still in operation today, and their operators are refusing to replace them until it becomes completely impossible to maintain the old stuff -- which at this point involves cannibalizing units taken out of service elsewhere for used spare parts. At my shop we have to keep a DOS machine on hand for some very old machines which can only be adjusted or calibrated with software that will not run on any version of Windows and has never been updated. When the manufacturer tells you you have to replace a half million dollar production machine which is mechanically fine but for which there is no modern control software, this is what you do until circumstances force you to take the pill.

Baitball Blogger

(48,034 posts)
3. My Microsoft is up to date and it does block
Sun Jun 9, 2019, 02:56 AM
Jun 2019

Attempts that emanate from Firefox, but I don’t know if it’s just blocking a graphic pop up window.

hlthe2b

(106,340 posts)
4. Hmmm...
Sun Jun 9, 2019, 07:19 AM
Jun 2019

I have two old laptops that are basically storage only now (one XP, one Win7). I use the WIN 10 laptop and disabled wifi on the others after a final update.

It just wasn't worth it anymore for the old two.

Latest Discussions»Issue Forums»National Security & Defense»NSA Warns Microsoft Windo...