NSA urges to patch legacy versions of Windows

by | Jun 7, 2019

The National Security Agency of the United States (NSA) warns in an advisory to all administrators and users of Windows to check that their system is updated and patched against the latest threats. They refer to BlueKeep, a vulnerability of the remote desktop protocol of Microsoft OS (RDP) affecting Windows 7, Windows XP, Windows Server 2003 and 2008.

Microsoft released a patch for this security flaw, but the NSA reminds that millions of devices are still potentially vulnerable.BlueKeep could cause devastating damage to systems that have not been patched with a powerful impact and infect all the devices connected to the same network, since it can be exploited as a “worm”. This means that it can be spread accross the Internet without the interaction of a user, so cybercriminals could launch an attack automatically to all affected systems.

The US agency advises to use only operating systems compatible with the latest patches that keep systems safe from BlueKeep and recommends taking a series of additional measures:

  • Block TCP port 3389 in firewalls exposed to the Internet.

  • Enable network level authentication.

  • Disable remote desktop services if they are not being used.

Thanks to the features of the UDS Tunneler it is unlikely that UDS Enterprise users who access from the Internet will be affected by the issues above described, since this component ensures the security of all connections over the Internet through a secure tunnel.

In any case, and to guarantee that security of the VDI platform remains intact, the connection broker team advises administrators deploying virtual desktops with the aforementioned versions of Windows following the NSA’s recommendations and installing the corresponding security patches to avoid possible issues.

For more information, see NSA cybersecurity advisory

SHARE

0 Comments

Submit a Comment

Your email address will not be published. Required fields are marked *

Recent posts

VDI: The most secure environment for hybrid working

Today is Data Privacy Day. The purpose of this date is to raise awareness and promote privacy and data protection best practices. It was initiated by the European Commission, the Council of Europe, and the Data Protection authorities of the European Union’s member states. Their main goal was to drive attention to the importance of privacy, user data protection, and compliance of the General Data Protection Regulation (RGPD). It is a regulation characterized by significant fines for non-compliance since its implementation in 2018.

How to avoid issues with virtual machines

Virtualization comes with a wide range of benefits for organizations. It helps cut IT costs and reduces downtime while increasing efficiency and productivity. It also increases the resiliency of networks, primarily when disasters occur, and promotes more green-friendly operations.

However, using virtual machines also comes with a set of downsides. Information security may get compromised, workloads mixed up, separation duties lost, among other issues. It is vital to know how you can get over these problems, and that’s what this article will discuss.

Let’s get started.

Archives


Stay up to date with all the news from UDS ENTERPRISE through our social networks. Follow us!

Skip to content