If you’re a Windows user who has yet to update your operating system after the discovery of the Bluekeep vulnerability a few weeks ago, then maybe a warning from the NSA will be enough to spur you on.
Bluekeep is a vulnerability that’s been compared to the devastating 2007 malware WannaCry that wreaked havoc on computer systems around the world, resulting in millions of dollars’ worth of damage. There’s concern that systems running older versions of Windows like Windows 7 are especially vulnerable to Bluekeep.
The NSA’s advisory, which you can read in full here, notes that Bluekeep is a vulnerability in the remote desktop feature on legacy versions of Windows. “The National Security Agency is urging Microsoft Windows administrators and users to ensure they are using a patched and updated system in the face of growing threats,” the advisory reads.
Microsoft, it continues, has warned that the Bluekeep flaw “is potentially ‘wormable,’ meaning it could spread without user interaction across the internet. We have seen devastating computer worms inflict damage on unpatched systems with wide-ranging impact, and are seeking to motivate increased protections against this flaw.”
The advisory notes that these are the affected versions of Windows:
- Windows XP
- Windows Server 2003
- Windows Vista
- Windows Server 2008
- Windows 7
- Windows Server 2008 R2
Microsoft has issued a patch, but millions of machines are reportedly still vulnerable. The NSA says it’s concerned that hackers will use this vulnerability in ransomware and exploit kits that contain other known exploits, increasing their capabilities against other unprotected systems. The Bluekeep vulnerability could also be used to conduct denial of service attacks, according to the agency.
“NSA urges everyone to invest the time and resources to know your network and run supported operating systems with the latest patches,” the advisory continues, also noting that Windows 10 systems are protected against the flaw and that it only affects the named older versions of Windows. “This is critical not just for NSA’s protection of National Security Systems but for all networks.”