NSA Cybersecurity Advisory: Patch Remote Desktop Services on Legacy Windows

78 points by PatrolX almost 6 years ago

7 comments

userbinator almost 6 years ago
> In order to increase resilience against this threat while large networks patch and upgrade, there are additional measures that can be taken

I'd say those are the *first* things that should be done, regardless of the presence of exploits; exposing a port/listening service to the Internet you don't need, especially one that can remotely give complete control to an attacker, is always a bad idea. Fortunately the majority of computers out there are probably behind a NAT, which helps greatly to keep them from being hacked remotely.

> Disable remote Desktop Services if they are not required. Disabling unused and unneeded services helps reduce exposure to security vulnerabilities overall and is a best practice even without the BlueKeep threat.

Very good advice --- too bad latest Windows versions have not-so-clearly-described tons of services running by default, many of which phone home in some way, and some of which are nearly impossible to disable...

sitkack almost 6 years ago
The fact that NSA does so little for cybersecurity is telling. When they say patch something, it probably means it should be a national emergency.

nocturnial almost 6 years ago
I know we should always assume good faith.

From all the vulnerabilities they know, they chose to publish one that's known and only concerns outdated software. Maybe I'm too skeptical but when the NSA starts leaking fixes for zero day exploits, I'll take them more seriously.

PatrolX almost 6 years ago
The NSA and GCHQ are really concerned about the BlueKeep vulnerability.

It has the potential to do some serious damage.

tastroder almost 6 years ago
The advisory links to https://www.nsa.gov/Portals/70/documents/what-we-do/cybersecurity/professional-resources/csa-bluekeep_20190604.pdf?ver=2019-06-04-123329-617 (PDF)

I really wonder what the utility for that distribution form is, are there people printing these out? Or is there some requirement for them to generate a document ID that they could not get for plain web/HTML documents?

Theodores almost 6 years ago
Who has the fear of visiting a URL owned by a three letter agency known for nefarious spying activities?

I do!

So here is a third party report for anyone else that views three letter agency URLs as having all the appeal of a trip to a virtual leper colony:

https://www.zdnet.com/article/even-the-nsa-is-urging-windows-users-to-patch-bluekeep-cve-2019-0708/

JudgeWapner almost 6 years ago
> You can totally trust our advice for all your digital security needs.

- your friendly neighborhood intelligence agency.