As an update to our May 15th blog post, regarding the severe security flaw, now known as BlueKeep (CVE-2019-0708), which is a Remote Desktop Services Remote Code Execution Vulnerability, please be advised of the following supplemental security recommendations from the NSA:
- Block TCP Port 3389 at your firewalls, especially any perimeter firewalls exposed to the internet. This port is used in RDP protocol and will block attempts to establish a connection. Note: NYU IT has confirmed that the RDP protocol at port 3389 is blocked for incoming / ingress RDP traffic.
- Disable remote Desktop Services if they are not required. Disabling unused and unneeded services helps reduce exposure to security vulnerabilities overall and is a best practice even without the BlueKeep threat.