NSA Releases Advisory on BlueKeep Vulnerability

The National Security Agency (NSA) has released a cybersecurity advisory for CVE-2019-0708—a vulnerability dubbed BlueKeep. Although Microsoft has issued a patch, potentially millions of machines are still unpatched and remain vulnerable. The NCCIC encourages users and administrators to review NSA’s news release and advisory, Microsoft Security Response Center’s “A Reminder to Update Your Systems to Prevent a Worm,” and Microsoft Customer Guidance for CVE-2019-0708. CISA recommends patching the affected operating systems: Windows 7, Windows Server 2008 R2, and Windows Server 2008 and Windows 2003 and Windows XP. Read the advisory at NCCIC/US-CERT.